Finance platform relocates to novel digital address following successful resolution of DNS assault.
In a recent development, the DeFi platform Curve Finance suffered a DNS hijacking attack in May 2025, compromising its original domain curve.fi. The incident put the DeFi community on high alert, exposing a critical weak point in the platform's security - the web layer.
The attack redirected users to a fake website designed to steal funds through phishing. In response, Curve Finance took immediate action to mitigate the risks.
Firstly, the team promptly warned users of the hijacking and worked to regain control over their domain to stop the malicious redirection. This was followed by a migration to a new official domain, curve.finance, to strengthen defenses and restore user confidence. The migration was accompanied by clear and constant communication through official channels.
Curve Finance also expanded its operational footprint by launching on Etherlink, an EVM-compatible Layer 2 blockchain built on the Tezos network. This move diversified their infrastructure, potentially reducing reliance on a single centralized infrastructure point vulnerable to such attacks.
In addition, Curve supported Etherlink’s "$3M Apple Farm Season 2" rewards program to accelerate DeFi activity. This focus on building a more resilient and incentivized ecosystem indirectly supports platform health and security.
While explicit technical details on hardening DNS or web infrastructure were not extensively detailed, these strategic steps suggest an approach combining increased transparency, infrastructure diversification, and ecosystem incentives to mitigate future risks linked to centralized points of failure like DNS hijacking.
The temporary loss of the original domain during the attack posed risks to users, highlighting the need for vigilance. Navigating only through official channels and verifying URLs are key practices to avoid phishing and fraud. Participating in official communities and forums can provide early alerts about fraud attempts and updated recommendations.
It is important to note that the investment in cryptocurrencies is not fully regulated and may not be suitable for retail investors due to its high volatility, with a risk of losing the entire amount invested.
The vulnerability in the DNS layer underscores the critical need for robust domain security practices and multi-layered defense strategies within decentralized finance platforms. The repetition of this attack pattern underscores the urgent need to strengthen security in domain management and DNS infrastructure in DeFi projects.
Prevention in the DeFi industry is a joint effort between robust platforms and informed users. Continuous education and the adoption of good practices are the best defense against attacks that exploit trust and lack of attention. It is recommended to avoid interaction with suspicious sites or unconfirmed links.
The attack did not affect the blockchain infrastructure and smart contracts of Curve Finance, avoiding direct protocol losses. As the DeFi landscape continues to evolve, it is crucial for platforms to prioritize security measures, especially in the web layer, to protect users and maintain trust.
- To prevent future DNS hijacking attacks, Curve Finance should consider implementing cybersecurity measures aimed at strengthening the domain security practices within their DeFi platform.
- As the DeFi landscape evolves, it's essential for users to practice safety by navigating only through official channels, verifying URLs, and avoiding interaction with suspicious sites or unconfirmed links, as these are key practices to avoid phishing and fraud.
