A recent attack on Curve Finance is another reminder of the vulnerabilities in decentralized finance infrastructure. Hackers took control of the project's domain name system (DNS) and redirected users to a fraudulent site.
What Happened to Curve Finance
On May 12, 2025, hackers hijacked the domain "curve.fi," redirecting users to a malicious website aimed at draining funds. This was the second attack on Curve Finance's infrastructure in a week. However, the hackers were unable to breach the protocol's smart contracts, indicating no vulnerability at the protocol level.
How Attackers Execute DNS Hijacking
DNS hijacking occurs when attackers interfere with the DNS resolution process and direct users to fake websites. Attackers use several methods to intercept DNS, including local and router hijacking, which let them stealthily change DNS records.
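A defender can tell the cases above apart by comparing what the local resolver returns with what independent resolvers return, and both against a pinned known-good record set. The following is an added example, not code from the original article or from Curve; the domain `app.example`, the documentation-range IP addresses and the function names are constructed for illustration, and the answers are embedded so that it runs offline.

```python
# Pinned known-good A records for a hypothetical front-end domain (constructed values).
BASELINE = {"app.example": {"192.0.2.10", "192.0.2.11"}}


def classify(domain, local_answer, reference_answers, baseline=BASELINE):
    """Classify one observation of a domain's A records.

    local_answer      -- IPs returned by the resolver this machine/router uses
    reference_answers -- list of IP lists from independent resolvers
    Returns 'ok', 'local-or-router-hijack', 'record-changed' or 'inconclusive'.
    """
    expected = baseline[domain]

    def good(answer):
        # Round-robin DNS may return a subset, so accept any non-empty subset.
        ips = set(answer)
        return bool(ips) and ips <= expected

    if not reference_answers:
        return "inconclusive"
    good_refs = sum(good(a) for a in reference_answers)
    bad_refs = len(reference_answers) - good_refs
    if good_refs > bad_refs:
        # The wider internet still sees the pinned records; only this path differs.
        return "ok" if good(local_answer) else "local-or-router-hijack"
    if bad_refs > good_refs:
        # Every vantage point sees new records: the records themselves changed
        # (hijack, or a legitimate migration that needs a baseline update).
        return "record-changed"
    return "inconclusive"


def run_samples():
    """Run the classifier over constructed observations."""
    healthy_refs = [["192.0.2.10", "192.0.2.11"], ["192.0.2.11"], ["192.0.2.10"]]
    changed_refs = [["198.51.100.7"]] * 3
    return {
        "healthy": classify("app.example", ["192.0.2.10"], healthy_refs),
        "router": classify("app.example", ["203.0.113.66"], healthy_refs),
        "upstream": classify("app.example", ["198.51.100.7"], changed_refs),
        "split": classify("app.example", ["192.0.2.10"],
                          [["192.0.2.10"], ["198.51.100.7"]]),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:9s} {verdict}")
```

A `record-changed` verdict is only a signal to investigate, since a planned hosting migration produces the same observation until the baseline is updated.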
How Curve Finance Responded to the Attack
Immediately following the attack, the Curve team took steps to neutralize the threat. They successfully reverted the domain to neutral settings, temporarily taking the website offline. Additionally, a secure alternative was launched at "curve.finance." Key actions included user notifications, domain recovery requests, and collaboration with security partners.
The Curve Finance incident highlights vulnerabilities in DeFi systems where interface security relies on centralized infrastructure. It is crucial to continue adopting decentralized technologies to enhance user safety.