Curve Finance, one of the largest decentralized finance (DeFi) protocols, suffered a DNS hijacking attack on Monday that compromised its main website, โcurve.fi.โ
Widely used for stablecoin and pegged-asset trading, Curve plays a key role in DeFi as a core liquidity provider. Its smart contracts are deeply integrated across other protocols, helping to maintain efficient, low-slippage trading across the ecosystem.
Attack Redirected Users to a Fake Curve Finance Website
The incident involved the manipulation of Curveโs Domain Name System (DNS) records, redirecting users from the official domain to a malicious clone.
Sponsored
The fake site mirrored Curveโs interface and contained scripts designed to trick users into approving token transfers to attacker-controlled wallets.
Curveโs team confirmed the incident was strictly limited to the DNS layer and did not affect its smart contracts or core infrastructure.
Curve Responds and Launches Investigation
In response, Curveโs team isolated the issue, launched a full investigation, and began working with its domain registrar and external security partners.
The team noted that some safeguards were already in place prior to the breach and committed to enhancing protections going forward.
Users were advised to avoid โcurve.fiโ and instead use the alternate domain โcurve.finance.โ Wallet providers like Phantom have blocked the compromised domain and issued warnings to users.
What Are DNS Attacks and Why Are They So Dangerous?
DNS attacks are infrastructure-level exploits that do not hack the blockchain, but instead hack the way users get to it.
By exploiting DNS records, attackers can redirect users to fake websites that look identical to the real ones. On DeFi platforms like Curve, this can trick users into connecting wallets and approving transactions, unknowingly sending funds to hackers.
These attacks are hard to detect, since the web address may still appear correct, making them especially dangerous even when smart contracts remain secure.
Not Curveโs First Breach
Curve Finance has faced similar attacks before. In 2022, a DNS hijack led to $570,000 in losses. In 2023, a separate exploit tied to the Vyper programming language resulted in $24 million in damages across DeFi projects.
Just days before the latest DNS incident, Curveโs X account was also briefly hijacked to spread a malicious link.
On the Flipside
- Despite the breach, Curve still holds over $2.3 billion in TVL and remains a cornerstone protocol for stablecoin liquidity in DeFi.
- Browser-based vulnerabilities are not unique to Curveโmany DeFi protocols rely on front-end infrastructure, making this a broader industry concern.
Why This Matters
Curve is deployed across 22 blockchain networks and ranks among the top 20 DeFi protocols. While its smart contracts remain secure, repeated infrastructure breaches highlight ongoing concerns about DeFi platforms’ operational security.
Discover DailyCoinโs top crypto news:
HBAR, XRP Erupt: SWIFT Drops Bombshell Crypto Wallet News
Bitcoin Record Price Run Today Ignites $2B Liquidation Chaos
