On the evening of May 12, attackers breached the interface of the DeFi platform Curve Finance, redirecting the domain to a malicious IP address of a phishing site equipped with a drainer capable of emptying wallets.
Late last night, the curve [.] fi domain was compromised at the DNS level. This exploit redirected traffic to a malicious IP not associated with Curve Finance. No smart contracts or internal systems were breached—the protocol itself remains fully operational and secure.
User…
— Curve Finance (@CurveFinance) May 13, 2025
“No smart contracts or internal systems were affected—the protocol itself remains fully operational and secure,” the project stated.
The team assured that the incident was strictly “limited to the DNS level.” Developers urged users not to use the domain curve[.]fi and have already introduced a new one—curve.finance.
According to the statement, after discovering the attack, they:
- localized the issue;
- initiated a full investigation;
- contacted the DNS service provider and cybersecurity partners;
- strengthened operational security protocols.
“In recent weeks, there has been a noticeable increase in attacks targeting the infrastructure of various crypto projects. Such incidents affect the entire market and underscore the importance of a systematic approach to security. Curve Finance is taking all necessary measures to ensure the safety of user funds and restore stable service operations,” the statement read.
At the time of writing, the domain registrar iwantmyname had not responded to Curve Finance’s request to regain access.
Dear @iwantmyname. Your response time is totally unsacceptable: we need access to curve [.] fi taken away from hackers and the incident to be investigated. As of now, DNS still points to a drainer which can lead users to lose millions if they interact with it!
— Curve Finance (@CurveFinance) May 13, 2025
The last post on the X account of the service provider was published in December 2024.
“DNS still points to a drainer which can lead users to lose millions if they interact with it!” the project warned.
In April, the crypto industry lost $364 million due to hacks, fraud, and breaches—92% of the amount was attributed to phishing, according to CertiK.