Catenaa, Friday, May 16, 2025- Decentralized finance protocol Curve Finance confirmed late Monday that its primary website was targeted in a Domain Name System (DNS) attack, warning users to avoid interaction with the compromised domain.
The protocol disclosed that the “curve.fi” domain had been hijacked in what it described as a DNS spoofing incident. Although the front-end interface was affected, Curve said its smart contracts and core infrastructure remained secure and fully operational.
Users were urged to refrain from accessing the compromised domain. The team temporarily redirected users to “curve.finance” and noted that wallet providers such as Phantom have blocked access to the breached domain while displaying warning messages.
In an update Tuesday morning, Curve said it had launched a full investigation into the incident and was working closely with its domain registrar and cybersecurity partners. The team emphasized that no user funds were compromised.
This is the second time Curve has been hit by such an attack. A similar incident occurring in 2022.
That attack allowed hackers to reroute traffic to a fraudulent IP address, resulting in theft from users’ wallets.
The incident follows another recent security lapse in which Curve’s official X account was hacked to promote a malicious wallet-draining link. The team regained control shortly after the breach.
Curve Finance ranks as the 20th largest DeFi protocol by total value locked, managing over \$2.3 billion across 22 blockchain networks, according to DefiLlama.
