- Curve Finance DNS hijack redirected customers to a malicious clone website.
- CRV worth has slid about 7.7% as traders panicked and dumped tokens.
- Curve Finance plans migration from DNS to ENS to reinforce front-end safety.
Late on Could 12, Curve Finance warned in an X submit that its “curve.fi” area could be hijacked, and customers have been urged to keep away from the positioning altogether.
Looks as if https://t.co/vOeMYOTq0l DNS could be hijacked. Do not work together!
— Curve Finance (@CurveFinance) Could 12, 2025
In response to an replace issued by Curve Finance on X, the attackers rerouted the official Curve web site’s DNS entries to a front-end clone designed to empty wallets by means of a deceptively easy drainer hyperlink embedded within the web page.
Whereas the platform’s sensible contracts stay unaffected and safe, the compromised area now factors to an IP handle managed by malicious actors.
Pockets suppliers corresponding to Phantom swiftly responded by blocking the “curve.fi” handle and displaying outstanding warnings to customers making an attempt to attach.
Following the assault, Curve Finance has opened a full investigation, partaking safety companions and its area registrar to get well management and restore the real website.
Curve DAO (CRV) token worth dips
Within the wake of the DNS assault, CRV’s worth has slipped to round $0.7231 on the CoinMarketCap reside chart, marking a 7.7% decline over the previous 24 hours as panic unfold amongst traders.
As the value drops, buying and selling quantity has surged to over $188 million as holders raced to exit positions amidst the unfolding safety disaster.
As well as, the token’s market capitalisation has fallen to roughly $973.1 million, underscoring the tangible affect of off-chain vulnerabilities on on-chain property.
Though Bitcoin’s personal retreat from $105,000 to $102,000 contributed to some downward strain, analysts agree that the DNS incident served as the first catalyst for the Curve DAO (CRV) sell-off.
Technical indicators present CRV revisiting worth ranges final seen previous to the latest China-US commerce deal, reflecting heightened volatility and investor concern.
It’s the second time Curve Finance is dealing with a DNS assault
The Could 13 assault marks Curve Finance’s second front-end DNS breach, following an identical incident in July 2023 when round $61 million was siphoned earlier than containment.
On that event, Binance froze greater than $450,000 after the perpetrator tried to launder funds by means of its change, whereas Mounted Float recovered about 112 ETH.
Curve subsequently modified DNS suppliers and suggested customers to revoke all approvals tied to the compromised area, however front-end danger remained unaddressed.
The protocol’s social media channels have additionally been focused, with its X account briefly hijacked on Could 5 to submit phishing hyperlinks earlier than being reclaimed on Could 6.
Yesterday, the official @CurveFinance X account was compromised. As you already know, entry has been absolutely restored.
To make clear: the incident was restricted strictly to the X account. No different Curve accounts have been affected. No safety points have been discovered on our aspect, no person funds… https://t.co/8bci75uZGr
— Curve Finance (@CurveFinance) Could 6, 2025
Whereas Curve Finance has reiterated that no person funds have been impacted, the cumulative sequence of breaches has eroded person belief within the platform’s exterior infrastructure.
Customers have voiced frustration at Curve’s incapacity to safe its public-facing layers regardless of strong on-chain protocols, with one commenter noting that “secure contracts don’t matter much when the domain itself is the weak link.”
Safety consultants emphasise that front-end vulnerabilities pose existential dangers for DeFi, as pockets connections and transaction approvals are mediated by means of person interfaces.
Trade friends are monitoring Curve’s remediation efforts carefully, understanding {that a} profitable ENS migration might set a brand new customary for protocol safety.
In the meantime, traders are watching CRV’s efficiency for indicators of restoration or additional draw back, with broader market circumstances additionally enjoying a important position.
Curve Finance to maneuver from DNS to ENS
In response to the newest assault, Curve Finance confirmed plans to ditch conventional DNS in favour of the Ethereum Title Service (ENS) for its human-readable addresses.
Not like DNS, ENS utilises sensible contracts on Ethereum’s blockchain to handle naming, eliminating reliance on centralised registrars and internet hosting suppliers.
By transitioning to ENS, Curve goals to bolster front-end safety and minimise the assault floor that allowed malicious actors to hijack its area.
The swap to “curve.finance” underneath ENS governance represents a structural shift towards decentralisation past merely sensible contracts.
As Curve Finance diligently works to revive its official web site and full its ENS transition, CRV’s worth trajectory stays unsure within the close to time period.
For now, CRV traders should navigate heightened volatility and evolving safety measures as Curve Finance battles again from one other front-end exploit.