Curve Finance confirmed the compromise of the DNS server

On the evening of May 12, attackers hacked the interface of the DeFi platform Curve Finance and replaced the domain with a malicious IP address of a phishing site with a drainer that can empty wallets.

Late last night, the curve [.] fi domain was compromised at the DNS level. This exploit redirected traffic to a malicious IP not associated with Curve Finance. No smart contracts or internal systems were breached—the protocol itself remains fully operational and secure.

User...

— Curve Finance (@CurveFinance) May 13, 2025

"No smart contracts or internal systems are affected — the protocol itself remains fully operational and secure," the project stated.

According to the team, the incident is strictly "limited to the level" of DNS. Developers urged not to use the domain curve[.]fi and have already presented a new one — curve.finance.

According to the statement, after detecting the attack they:

• localized the problem;
• began a full investigation;
• contacted the DNS service provider and cybersecurity partners;
• strengthened the operational protection protocols.

"In recent weeks, the number of attacks targeting the infrastructure of various crypto projects has noticeably increased. Such incidents affect the entire market and highlight the importance of a systematic approach to security. Curve Finance is taking all necessary measures to ensure the safety of users' funds and restore the stable operation of the service," the statement says.

At the time of writing, the domain registrar iwantmyname has not responded to Curve Finance's request to regain access.

Dear @iwantmyname. Your response time is totally unsacceptable: we need access to curve [.] fi taken away from hackers and the incident to be investiGate.iod. As of now, DNS still points to a drainer which can lead users to lose millions if they interact with it!

— Curve Finance (@CurveFinance) May 13, 2025

The last post on the service provider's X-account was published in December 2024.

"DNS still points to the drainer, which could lead to users losing millions if they interact with it!", the project warned.

Recall that in April, the crypto industry lost $364 million due to hacker attacks, fraud, and breaches — 92% of the amount was attributed to phishing, as calculated by CertiK.