Curve Finance has suffered a DNS hijack, prompting the DeFi protocol to shift domains and advise users to avoid its main site.
Background
- Curve Finance, a major decentralized exchange focused on stablecoin trading, experienced a DNS record attack that redirected its primary domain, curve[.]fi, to a malicious source.
- The incident was first flagged late Monday, with the team confirming that its DNS was compromised in what appears to be a spoofing attempt.
- In response, Curve warned users not to engage with the compromised site and temporarily redirected traffic to curve[.]finance to ensure continued access.
- Wallet providers like Phantom took immediate action, blocking the compromised domain and issuing security alerts for users.
Why should you pay attention?
- DNS attacks are particularly dangerous in the DeFi space, as they can lead users to malicious frontends that drain wallets or trick them into signing harmful transactions.
- Although Curve’s smart contract infrastructure remains unaffected and user funds are reportedly safe, this incident highlights ongoing risks even for established platforms.
- Curve currently ranks as the 20th largest DeFi protocol by total value locked, with over $2.3 billion in TVL spread across 22 networks, amplifying the potential impact of any security breach.
Who said what?
- In a post on X, Curve Finance stated:
“The incident has not affected the protocol’s infrastructure and is strictly limited to the DNS layer. User funds are safe.”
- The team also confirmed it had initiated a full investigation and reached out to its domain registrar and security partners to resolve the issue.
- The incident follows a separate phishing exploit just a week earlier, when scammers briefly took over Curve’s official X account to distribute wallet-drainer links.
Zooming out
- This is not Curve’s first DNS-related breach; a similar incident occurred in 2022 when attackers redirected its DNS to steal user funds.
- The recurrence of such attacks reflects ongoing vulnerabilities in third-party infrastructure used by DeFi protocols.
- With phishing and spoofing incidents on the rise, Curve’s response may influence how other DeFi platforms handle front-end vulnerabilities and DNS security going forward.
- The situation reinforces the need for decentralized alternatives to DNS and improved wallet protections across the ecosystem.