Curve Finance | Crypto

Curve Finance attackers used DNS hijacking to exploit its front end, redirecting users to a fake site and draining wallets. On May 12, 2025, at 20:55 UTC, hackers hijacked the “.fi” domain name system (DNS) of Curve Finance after managing to access the registrar. They began sending its users to a malicious website, attempting to drain their wallets. This was the second attack on Curve Finance’s infrastructure in a week. Users were directed to a website that was a non-functional decoy, designed only to trick users into providing wallet signatures. The hack hadn’t breached the protocol’s smart contracts and was limited to the DNS layer. Read more

Curve Finance is moving permanently to a new web domain following a targeted DNS attack that exposed users to phishing risks. On May 13, the DeFi protocol confirmed that it will operate on Curve.finance, replacing the compromised Curve.fi. The protocol explained that it was making the move because of the prolonged downtime and limited support […] The post Curve Finance moves to new domain after DNS attack exposes security risks appeared first on CryptoSlate.

Onchain security firm Blockaid speculates it might be a front end attack, and says not to sign transactions and avoid interactions with Curve until the issue is resolved. Update May 13, 12:33 am UTC: This article has been updated to include more information from Curve Finance. Decentralized finance (DeFi) protocol Curve Finance has warned that a hacker has again hijacked its domain name system (DNS), sending users to a malicious website.   In the second attack on its infrastructure in a week, the “curve.fi DNS might be hijacked. Don’t interact!” the team said in a May 12 warning to X. Read more