Curve Finance, one of the most influential protocols in the DeFi ecosystem, recently suffered a severe DNS hijacking attack that compromised its original domain curve.fi.
In response, the platform migrated to a new official domain, curve.finance, seeking to strengthen its defense and restore the confidence of its users.
The DNS hijacking attack that targeted Curve Finance, a leading provider of decentralized finance, redirected its users to a fake website designed to steal funds via phishing. This incident alerted the DeFi community to the risks associated with the web layer, exposing a critical weakness in the platform's security.
Faced with this threat, Curve Finance made the strategic decision to migrate to a new domain.
DNS hijacking: How it happened and its impact on Curve Finance
The attack focused on the malicious manipulation of the DNS records of the curve.fi domain. DNS acts as the directory that translates domain names into IP addresses. The attackers managed to redirect legitimate traffic to an IP address they controlled, where they deployed an exact replica of the official Curve Finance website. On this fraudulent site, users were asked to connect their wallets and sign transactions in order to withdraw their funds.
Fortunately, Curve's blockchain infrastructure and smart contracts remained intact, preventing direct losses at the protocol level. However, the vulnerability at the DNS layer exposed users to a significant risk of phishing and asset theft. This type of attack is not new to Curve Finance, as it suffered a similar incident in 2022 that resulted in losses of over half a million dollars for users. The recurrence of this type of attack underscores the urgent need to strengthen security in domain management and DNS infrastructure in DeFi projects.
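One way to detect the record manipulation described above from the defender's side, shown as an added example that is not code from Curve Finance or from this article: compare what several resolvers return against a pinned baseline of expected address ranges and name servers. The IP addresses, name server names and resolver labels are constructed sample data, and the baseline layout is an assumption.

```python
import ipaddress

# Constructed baseline: address ranges and name servers the operator expects.
BASELINE = {
    "name": "curve.fi",
    "a_networks": ["192.0.2.0/24"],
    "nameservers": {"ns1.registrar.example", "ns2.registrar.example"},
}

# Constructed resolver answers (one dict per vantage point).
SNAPSHOTS = [
    {"resolver": "resolver-a", "A": ["192.0.2.10"],
     "NS": ["ns1.registrar.example.", "ns2.registrar.example."]},
    {"resolver": "resolver-b", "A": ["203.0.113.66"],
     "NS": ["ns1.unknown.example.", "ns2.registrar.example."]},
]

def check_snapshot(baseline, snap):
    """Compare one resolver's answer with the pinned baseline."""
    findings = []
    nets = [ipaddress.ip_network(n) for n in baseline["a_networks"]]
    for ip in snap["A"]:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings.append(("A_OUTSIDE_BASELINE", snap["resolver"], ip))
    # Normalise trailing dots and case before comparing name server sets.
    observed = {ns.rstrip(".").lower() for ns in snap["NS"]}
    if observed != baseline["nameservers"]:
        unexpected = sorted(observed - baseline["nameservers"])
        findings.append(("NS_CHANGED", snap["resolver"], ",".join(unexpected)))
    return findings

def audit(baseline, snapshots):
    """Check every vantage point, then flag resolvers that disagree on A records."""
    findings = []
    for snap in snapshots:
        findings.extend(check_snapshot(baseline, snap))
    views = {frozenset(s["A"]) for s in snapshots}
    if len(views) > 1:
        findings.append(("RESOLVER_DISAGREEMENT", "all", f"{len(views)} distinct A sets"))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, SNAPSHOTS):
        print(finding)
```

In practice the snapshots would be collected on a schedule from several independent resolvers, so that a change at the registrar or name server level is noticed before users report it.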
Curve Finance's response and migration to curve.finance
Given the severity of the DNS hijacking, the Curve Finance team acted quickly to isolate the issue at the DNS layer, ensuring smart contracts remained operational and funds remained secure. As an immediate measure, they enabled a new official domain, curve.finance, hosted on a more robust and technically supported registrar, which offers better safeguards against similar attacks.
The choice of curve.finance responds to the need for a more reliable domain infrastructure and DNS attack mitigation programs, overcoming the limitations of the original curve.fi domain, which is now deprecated, as reported by the protocol developers on X.
The migration was accompanied by clear and consistent communication through its official channels, alerting users to avoid interacting with the compromised domain until further notice.
Implications for security and continuity in DeFi
The Curve Finance attack highlights that security in DeFi depends not only on the robustness of smart contracts, but also on the integrity of web interfaces and the infrastructure that supports them. Front-ends, or user interfaces, remain vulnerable to traditional attacks such as DNS hijacking.
Curve's operational continuity through the curve.finance domain demonstrates that risks can be mitigated with a flexible infrastructure and rapid response plans. However, the temporary loss of the original domain created confusion and risks for users, who could have fallen victim to phishing if they weren't vigilant.
Ultimately, Curve's experience is a call for decentralized platforms to complement decentralization with robust and resilient web infrastructures, and for users to adopt security practices that reduce their exposure to fraud.
Recommendations for phishing attacks
Incidents like the one suffered by Curve Finance underscore the importance of users adopting rigorous security habits to avoid falling victim to fraud. Key recommendations include always verifying that the URL corresponds to the official domain and avoiding interacting with suspicious sites or unconfirmed links. Additionally, it is recommended to browse only through official channels and avoid signing transactions or connecting wallets on sites that display warnings or unusual behavior.
In addition, it's important to use two-factor authentication (2FA) and secure password managers to protect access. It's also important to securely back up mnemonics and private keys, as their loss or theft means losing all funds.
Finally, it's recommended to actively participate in official communities and forums to receive early warnings about fraud attempts and updated recommendations.
It's important to remember that prevention is a collaborative effort between robust platforms and informed users, and that ongoing education and the adoption of best practices are the best defense against attacks that exploit trust and inattention.
In short, the Curve Finance attack is a call for the DeFi industry to raise its security standards, strengthening front-end protection and promoting a culture of prevention among users. Only then can trust be strengthened in an ecosystem that is growing in complexity and relevance.