Curve Finance, one of the most well-known decentralized finance (DeFi) platforms in the crypto space, is once again facing a serious security issue. In a fresh wave of concern, the Curve team announced on May 12 that its Domain Name System (DNS) has been hijacked — a situation that could potentially expose users to phishing attacks and wallet-draining scams. This marks the second attack on Curve’s infrastructure in just one week, raising new alarms about the safety of interacting with DeFi protocols during ongoing technical threats.
In a post shared on X (formerly Twitter), the Curve Finance team alerted users that its primary web address, curve.fi, is now pointing to a malicious server. That means anyone trying to access the platform may unknowingly land on a fake site controlled by hackers. The warning was simple but urgent: “curve.fi DNS might be hijacked. Don’t interact!”
Further clarifying the issue, the Curve team explained that while their smart contracts remain uncompromised, the DNS now routes users to an unauthorized IP address — essentially a fraudulent mirror of the Curve website designed to trick users into connecting their wallets and signing malicious transactions. The team added that two-factor authentication is intact and their password security is uncompromised. Still, they’ve reached out to their DNS registrar in an effort to reclaim control over the domain.
Security firm Blockaid, which specializes in onchain protection and threat detection, echoed the warning. According to their assessment, this is likely a “frontend attack” — a type of exploit where the visible user interface of a web app is hijacked to carry out harmful activities like stealing wallet data or redirecting funds. Blockaid urged users to avoid interacting with the Curve website for now and emphasized: “If you’re connected, please refrain from signing transactions and avoid interactions with the DApp until the issue is resolved.”
This isn’t the first time Curve has experienced such an attack. Back in August 2022, the protocol suffered a similar DNS hijack where attackers successfully cloned the Curve website and rerouted unsuspecting users to the rogue site. Those who attempted to use the platform ended up losing funds to wallet-draining scripts. While that incident prompted tighter security measures, this most recent breach highlights how persistent and adaptable bad actors in the crypto space have become.
Worryingly, this is Curve’s second security scare in just one week. On May 5, its official X account was taken over by a hacker. In a follow-up post the next day, Curve confirmed that no other systems were affected and that no user funds were lost in that incident. However, the fact that two distinct breaches — one targeting the social media presence and the other the web infrastructure — occurred within such a short time raises questions about the broader attack surface surrounding high-profile DeFi platforms.
Unfortunately, Curve isn’t alone. Just days before the May 12 DNS hijack, Tron DAO’s X account was also compromised, and in April, UK Member of Parliament Lucy Powell had her X account hijacked to promote a scam token dubbed the “House of Commons Coin.” These repeated attacks on crypto-related and influential public accounts suggest a coordinated push by cybercriminals to exploit trust-based platforms for illicit gain.
As of now, Curve’s team is working diligently to regain control of its domain. In the meantime, the most important advice for users is straightforward: do not engage with the Curve website, do not sign any transactions, and stay alert for phishing attempts. Curve’s smart contracts remain safe, but users connecting to the wrong interface risk losing funds irreversibly.
This situation underscores a broader lesson in DeFi: even the most reputable platforms can fall prey to sophisticated attacks, and vigilance from the user base remains critical. As the Curve team continues their investigation and recovery, the crypto community is reminded — once again — that decentralization doesn’t make platforms immune to centralized weak points like DNS or social media.
