-
Curve Finance’s front-end was compromised in a DNS hijack attack late Monday.
-
The protocol’s smart contracts and funds remain secure.
-
Users are warned not to use the main curve.fi domain until further notice.
Front-End Breach via DNS Spoofing
Curve Finance has confirmed that its main website, curve[.]fi, was hit by a DNS hijack attack, potentially redirecting users to malicious interfaces. The incident follows a similar compromise of Curve’s X (Twitter) account last week.
No Impact on Smart Contracts or Funds
The team clarified that the attack only affected the DNS layer. The core infrastructure and smart contracts were untouched, and all user funds are safe. As a precaution, Curve has temporarily switched to curve[.]finance as its primary front-end domain.
Ongoing Investigation and Response
Curve has launched a full investigation and contacted its domain registrar. Wallet providers like Phantom have blocked access to the affected domain and issued warnings. The team is working with security partners to prevent further risk.
Curve Finance is one of the largest DeFi platforms, currently holding over $2.3 billion in total value locked across 22 networks.
