Curve Finance has confirmed that user funds remain secure following a DNS hijacking attack on its official website, curve.fi.
In a follow-up statement issued early this morning, the DeFi protocol clarified that the attack was limited to the Domain Name System (DNS) layer and did not compromise the protocol’s core infrastructure, internal systems, or smart contracts.
While the protocol itself remains fully functional and operational, Curve has urged users to avoid interacting with the affected domain until further notice.
Official updates and safety instructions are being disseminated only through Curve Finance’s verified communication channels to avoid the spread of misinformation.
DNS Hijacking Led Users to Malicious Phishing Sites
The DNS hijacking incident led unsuspecting users to malicious phishing websites, which could potentially compromise wallet information and lead to unauthorized transactions.
The attack marks the second security breach for Curve Finance in less than a week, following a separate incident on May 5 when the platform’s official X (formerly Twitter) account was hacked.
In both cases, the attackers sought to exploit Curve’s user base by redirecting traffic and disseminating misleading information.
These incidents have heightened security concerns within the DeFi community, highlighting the vulnerabilities that can arise not only from smart contracts but also from third-party infrastructure components like DNS services.
Blockchain Security Firm Blockaid Detects Front-End Tampering
Blockchain security company Blockaid played a critical role in identifying the attack. Their analysis revealed that the attackers may have tampered with DNS resolution records, thereby carrying out what is known as a “front-end attack.”
This kind of attack affects the user interface layer rather than the blockchain protocols themselves.
Blockaid warned users to immediately halt all transaction signing operations to avoid falling victim to potential asset theft.
The Curve team responded by coordinating with their domain registrar to resolve the issue and has since taken emergency measures to minimize user risk.
Curve’s Response and Ongoing Risk Mitigation
Despite the absence of any direct compromise to its smart contracts or backend systems, Curve Finance continues to advise extreme caution to its users.
The team emphasized that while the website’s functionality is gradually being restored, the potential risk of interacting with the hijacked domain remains until full control is re-established.
The platform’s swift response and transparency have been positively received by much of the crypto community.
The incident serves as a stark reminder that even well-established DeFi platforms are not immune to external threats, particularly at the DNS and social media level.
As the platform works to strengthen its security posture, it urges users to rely solely on verified updates for safe navigation.