- Curve Finance DNS hijack redirected customers to a malicious clone website.
- CRV price has slid about 7.7% as buyers panicked and dumped tokens.
- Curve Finance plans migration from DNS to ENS to boost front-end safety.
Late on May 12, Curve Finance warned in an X publish that its “curve.fi” area is perhaps hijacked, and customers have been urged to keep away from the location altogether.
Seems like https://t.co/vOeMYOTq0l DNS is perhaps hijacked. Don’t work together!
— Curve Finance (@CurveFinance) May 12, 2025
According to an update issued by Curve Finance on X, the attackers rerouted the official Curve web site’s DNS entries to a front-end clone designed to empty wallets by a deceptively easy drainer hyperlink embedded within the web page.
While the platform’s good contracts stay unaffected and safe, the compromised area now factors to an IP tackle managed by malicious actors.
Wallet suppliers such as Phantom swiftly responded by blocking the “curve.fi” tackle and displaying distinguished warnings to customers trying to attach.
Following the attack, Curve Finance has opened a full investigation, participating safety companions and its area registrar to get better management and restore the real website.
Curve DAO (CRV) token price dips
In the wake of the DNS attack, CRV’s price has slipped to round $0.7231 on the CoinMarketCap live chart, marking a 7.7% decline over the previous 24 hours as panic unfold amongst buyers.
As the price drops, buying and selling quantity has surged to over $188 million as holders raced to exit positions amidst the unfolding safety disaster.
In addition, the token’s market capitalisation has fallen to roughly $973.1 million, underscoring the tangible affect of off-chain vulnerabilities on on-chain belongings.
Although Bitcoin’s personal retreat from $105,000 to $102,000 contributed to some downward strain, analysts agree that the DNS incident served as the first catalyst for the Curve DAO (CRV) sell-off.
Technical indicators present CRV revisiting price ranges final seen previous to the latest China-US commerce deal, reflecting heightened volatility and investor concern.
It’s the second time Curve Finance is dealing with a DNS attack
The May 13 attack marks Curve Finance’s second front-end DNS breach, following a similar incident in July 2023 when round $61 million was siphoned earlier than containment.
On that event, Binance froze greater than $450,000 after the wrongdoer tried to launder funds by its trade, whereas Fixed Float recovered about 112 ETH.
Curve subsequently modified DNS suppliers and suggested customers to revoke all approvals tied to the compromised area, however front-end danger remained unaddressed.
The protocol’s social media channels have additionally been focused, with its X account briefly hijacked on May 5 to publish phishing hyperlinks earlier than being reclaimed on May 6.
Yesterday, the official @CurveFinance X account was compromised. As you already know, entry has been absolutely restored.
To make clear: the incident was restricted strictly to the X account. No different Curve accounts have been affected. No safety points have been discovered on our facet, no person funds… https://t.co/8bci75uZGr
— Curve Finance (@CurveFinance) May 6, 2025
While Curve Finance has reiterated that no person funds have been impacted, the cumulative sequence of breaches has eroded person belief within the platform’s exterior infrastructure.
Users have voiced frustration at Curve’s incapability to safe its public-facing layers regardless of sturdy on-chain protocols, with one commenter noting that “secure contracts don’t matter much when the domain itself is the weak link.”
Security specialists emphasise that front-end vulnerabilities pose existential dangers for DeFi, as pockets connections and transaction approvals are mediated by person interfaces.
Industry friends are monitoring Curve’s remediation efforts carefully, understanding {that a} profitable ENS migration may set a brand new normal for protocol safety.
Meanwhile, buyers are watching CRV’s efficiency for indicators of restoration or additional draw back, with broader market situations additionally enjoying a essential function.
Curve Finance to maneuver from DNS to ENS
In response to the most recent attack, Curve Finance confirmed plans to ditch conventional DNS in favour of the Ethereum Name Service (ENS) for its human-readable addresses.
Unlike DNS, ENS utilises good contracts on Ethereum’s blockchain to handle naming, eliminating reliance on centralised registrars and internet hosting suppliers.
By transitioning to ENS, Curve goals to bolster front-end safety and minimise the attack floor that allowed malicious actors to hijack its area.
The change to “curve.finance” underneath ENS governance represents a structural shift towards decentralisation past merely good contracts.
As Curve Finance diligently works to revive its official web site and full its ENS transition, CRV’s price trajectory stays unsure within the close to time period.
For now, CRV buyers should navigate heightened volatility and evolving safety measures as Curve Finance battles again from one other front-end exploit.
