{"id":23934,"date":"2025-05-13T13:41:44","date_gmt":"2025-05-13T10:41:44","guid":{"rendered":"https:\/\/forklog.com\/en\/curve-finance-confirms-dns-server-compromise\/"},"modified":"2025-05-13T13:41:44","modified_gmt":"2025-05-13T10:41:44","slug":"curve-finance-confirms-dns-server-compromise","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/curve-finance-confirms-dns-server-compromise\/","title":{"rendered":"Curve Finance Confirms DNS Server Compromise"},"content":{"rendered":"<p>On the evening of May 12, attackers breached the interface of the DeFi platform Curve Finance, redirecting the domain to a malicious IP address of a phishing site equipped with a drainer capable of emptying wallets.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Late last night, the curve [.] fi domain was compromised at the DNS level. This exploit redirected traffic to a malicious IP not associated with Curve Finance. No smart contracts or internal systems were breached\u2014the protocol itself remains fully operational and secure.<\/p>\n<p>User\u2026<\/p>\n<p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1922199907269501130?ref_src=twsrc%5Etfw\">May 13, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cNo smart contracts or internal systems were affected\u2014the protocol itself remains fully operational and secure,\u201d the project stated.<\/p>\n<\/blockquote>\n<p>The team assured that the incident was strictly \u201climited to the DNS level.\u201d Developers urged users not to use the domain curve[.]fi and have already introduced a new one\u2014curve.finance.<\/p>\n<p>According to the statement, after discovering the attack, they:<\/p>\n<ul class=\"wp-block-list\">\n<li>localized the issue;<\/li>\n<li>initiated a full investigation;<\/li>\n<li>contacted the DNS service provider and cybersecurity partners;<\/li>\n<li>strengthened operational security protocols.<\/li>\n<\/ul>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cIn recent weeks, there has been a noticeable increase in attacks targeting the infrastructure of various crypto projects. Such incidents affect the entire market and underscore the importance of a systematic approach to security. Curve Finance is taking all necessary measures to ensure the safety of user funds and restore stable service operations,\u201d the statement read.<\/p>\n<\/blockquote>\n<p>At the time of writing, the domain registrar iwantmyname had not responded to Curve Finance&#8217;s request to regain access.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Dear <a href=\"https:\/\/twitter.com\/iwantmyname?ref_src=twsrc%5Etfw\">@iwantmyname<\/a>. Your response time is totally unsacceptable: we need access to curve [.] fi taken away from hackers and the incident to be investigated. As of now, DNS still points to a drainer which can lead users to lose millions if they interact with it!<\/p>\n<p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1922208277036712431?ref_src=twsrc%5Etfw\">May 13, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The last post on the <a href=\"https:\/\/x.com\/iwantmyname\">X account<\/a> of the service provider was published in December 2024.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cDNS still points to a drainer which can lead users to lose millions if they interact with it!\u201d the project warned.<\/p>\n<\/blockquote>\n<p>In April, the crypto industry <a href=\"https:\/\/forklog.com\/en\/news\/phishing-accounts-for-92-of-aprils-crypto-crime-revenue\">lost $364 million<\/a> due to hacks, fraud, and breaches\u201492% of the amount was attributed to phishing, according to CertiK.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On the evening of May 12, attackers breached the interface of the DeFi platform Curve Finance, redirecting the domain to a malicious IP address of a phishing site equipped with a drainer capable of emptying wallets. Late last night, the curve [.] fi domain was compromised at the DNS level. This exploit redirected traffic to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":23933,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1426,44,1093],"class_list":["post-23934","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-curve-crv","tag-cybercrime","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"57","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=23934"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23934\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/23933"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=23934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=23934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=23934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}