Curve Finance is moving permanently to a new web domain following a targeted DNS attack that exposed users to phishing risks.
On May 13, the DeFi protocol confirmed that it will operate on Curve.finance, replacing the compromised Curve.fi.
The protocol explained that it was making the move because of the prolonged downtime and limited support from .fi domain registrars.
It stated:
“[The] .fi [domain] will be down for too long / no point of moving back. Also registrars who can hold .fi are somewhat not as great as those who can deal with .finance.”
On May 12, hackers hijacked the DNS records for Curve.fi, redirecting visitors to a malicious website that mimicked the protocol’s interface. This fake site attempted to trick users into signing wallet-draining transactions.
Following the incident, Curve said that the issue was contained at the DNS level and that no internal systems were breached.
However, the compromised website was left on for several hours as the domain registrar, iwantmyname, failed to respond to community complaints.
Curve said:
“[The registrar’s] response time is totally unacceptable: we need access to curve [.] fi taken away from hackers and the incident to be investigated.”
Speaking on this, Yu Xian, the founder of blockchain security firm Slowmist, highlighted the risk that the issue could have caused, noting that:
“The phishing gang [was] playing dirty tricks at the front end with fake wallet pop-up scams, directly fishing for mnemonic phrases… I have to say, this is pretty sleazy.”
The compromised domain name has been frozen since the attack.
Curve’s security challenges
In 2022, the protocol suffered a similar DNS hijack, which led to user losses totaling approximately $530,000. Notably, the firm was using the same registrar, iwantmyname, at the time of the attack.
Meanwhile, the recent DNS attack comes just over a week after a separate security event in which a hacker temporarily took over Curve’s X account.
On May 5, a hacker took over the platform’s social media handle to post phishing links. The team regained control of the account quickly and said no user funds were impacted.
Meanwhile, security experts emphasized that the back-to-back incidents show that attackers are shifting focus from code exploits to infrastructure-based vulnerabilities.
This year, the crypto industry has lost around $2 billion to malicious actors who have exploited centralized exchanges like Bybit and several DeFi protocols.