Finance platform transitions to a fresh domain address, successfully recovering from a DNS assault.
In a recent incident, Curve Finance, a significant player in the Decentralized Finance (DeFi) ecosystem, suffered a DNS hijacking attack that compromised its original domain, curve.fi. The attack occurred on May 12, 2025, when the protocol's ".fi" domain was hijacked at the registrar level, allowing attackers to redirect users to a phishing site aimed at draining wallets.
The back-end smart contracts and user funds were not compromised, but the temporary loss of the original domain created risks for users. This underscores the urgent need to strengthen security in domain management and DNS infrastructure in DeFi projects.
In response, Curve Finance took several key steps to strengthen its security. Users were directed to a safer domain, curve.finance, to avoid the compromised site. Takedown requests were initiated for the malicious phishing domain, and registrar-level protections were enhanced to prevent future domain hijacks. The platform is also investigating decentralized hosting solutions such as Ethereum Name Service (ENS) and InterPlanetary File System (IPFS) to reduce reliance on centralized domain registrars and improve resistance to similar attacks.
This incident was not the first DNS compromise Curve Finance experienced, indicating a continued focus on hardening their domain and front-end security. The attack highlights that DeFi security depends on robust web interfaces and infrastructure.
Users are advised to navigate through official channels, avoid signing transactions or connecting wallets on sites with warnings or unusual behavior, and verify URLs match the official domain. Two-factor authentication (2FA) and secure password managers should be used to protect access. Secure backups of mnemonic phrases and private keys are essential to protect funds.
Active participation in official communities and forums helps to receive early alerts about fraud attempts and updated recommendations. The new domain, curve.finance, is hosted on a registrar with greater robustness and technical support.
The migration to curve.finance was accompanied by clear and constant communication through official channels, demonstrating the importance of flexible infrastructure and rapid response plans in the face of cyber threats. Prevention in DeFi is a joint effort between robust platforms and informed users, and continuous education and the adoption of good practices are the best defense against attacks.
- To mitigate potential safety risks, Curve Finance has implemented cybersecurity measures, such as initiating takedown requests for malicious phishing domains and enhancing registrar-level protections, which aim to prevent future domain hijacking incidents.
- As a proactive measure against cyber threats, Curve Finance has embraced decentralized hosting solutions like Ethereum Name Service (ENS) and InterPlanetary File System (IPFS), intending to lessen reliance on centralized domain registrars and fortify resistance against similar attacks in the future.
