Attackers redirected Curve Finance website visitors to a fake site. On May 13, 2025, decentralized protocol Curve Finance shared on X that its front end was compromised on a DNS level. It stated the “exploit redirected traffic to a malicious IP not associated with Curve Finance.” However, “no smart contracts or internal systems were breached—the protocol itself remains fully operational and secure,” stated the post.
While assuring that the exploit was on a surface level and did not affect the protocol infrastructure, Curve Finance mentioned that they have taken the measures to isolate the issue to the DNS layer, initiated a full investigation, engaged their domain with registrar and security partners, and reinforced all operational security protocols.
More importantly, the “DNS incident involving curve [.] fi reflects a broader issue across the industry. In recent weeks, there has been a noticeable increase in attacks targeting the infrastructure of various crypto projects. Such incidents affect the entire market and highlight the importance of a systematic approach to protection.”
In August 2022, a similar attack occurred when the attacker cloned the Curve Finance website and rerouted the DNS server to the fake page. Users who were on the website had their accounts drained into a pool that the hackers owned.
A Domain Name System (DNS) record is data saved in a server that helps the internet handle requests by translating domain names into IP addresses.
Apart from the DNS attack, recently Curve Finance’s X handle was compromised, however, the Curve Finance Team stated “the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds were impacted, and no victims of phishing links which the hacker’s posts.”
