Curve Finance Hit by DNS Record Attack, Warns Users to Avoid Main Site

Decrypt
6 hours ago

Decentralized protocol Curve Finance confirmed Tuesday that its front-end website was compromised, with attackers redirecting users to a fake site.


"The DNS incident involving Curve Finance reflects a broader issue across the industry," the project told Decrypt. "In recent weeks, there has been a noticeable increase in attacks targeting the infrastructure of various crypto projects."


The exploit redirected traffic to a malicious IP, the protocol said on social media. "User funds are safe. Curve smart contracts remain secure," it added.


The incident was first discovered on Monday afternoon, after which Curve Finance issued a preliminary response.



Curve Finance later said the breach was "strictly limited to the DNS layer" and did not compromise its core infrastructure.


Its security team promptly isolated the issue, initiated an investigation, and engaged with its domain registrar and security partners to address the situation, the project said.


Security measures were in place "long before the incident," the protocol added.


What happened?


According to Curve Finance, attackers manipulated the DNS records to point to an IP address under their control. A DNS record connects a domain name to details like an IP address, helping direct internet traffic.


The fraudulent site, which mirrored Curve's interface, reportedly contained malicious scripts aimed at tricking users into approving token transfers to the attackers.


"DNS exploits are a form of social engineering at the infrastructure level. Attackers compromise the domain name system," Meir Dolev, co-founder and CTO of blockchain security firm Cyvers, told Decrypt.





If a site's mapping changes due to stolen credentials or a registrar's vulnerability, users may be redirected to harmful servers without realizing it.


"These cloned sites can prompt users to connect wallets and approve transactions that drain funds," Dolev explained. "It's particularly dangerous because the average user can't easily tell the difference—they still see the correct URL."


The attack doesn't breach the protocol's blockchain, but rather "exploits the trust layer" between the user and a decentralized app's interface.


“So long as users interact with Curve directly via verified contract addresses, their funds are likely unaffected,” Dolev noted.
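
A record change of the kind described above can be spotted from the defender's side by comparing what resolvers return with a baseline the operator maintains. The following is an added example, not code from Curve, Cyvers or Decrypt; the resolver names, nameserver names and addresses are constructed (documentation ranges), and the answers are embedded rather than looked up live.

```python
# Baseline of records the operator expects (constructed values, documentation ranges).
BASELINE = {
    "A": {"192.0.2.10", "192.0.2.11"},
    "NS": {"ns1.dns-host.example.", "ns2.dns-host.example."},
}

# Constructed answers for the same name as seen from three vantage points.
OBSERVED = {
    "resolver-a": {"A": {"192.0.2.10"},
                   "NS": {"ns1.dns-host.example.", "ns2.dns-host.example."}},
    "resolver-b": {"A": {"203.0.113.66"}, "NS": {"ns1.other-host.example."}},
    "resolver-c": {"A": {"203.0.113.66"}, "NS": {"NS1.other-host.example."}},
}


def norm(value):
    """Lower-case so that case differences are not reported as drift."""
    return value.strip().lower()


def audit(baseline, observed):
    """Return sorted findings: (severity, resolver, record_type, value)."""
    findings = []
    for resolver, records in observed.items():
        for rtype, values in records.items():
            allowed = {norm(v) for v in baseline.get(rtype, ())}
            for value in {norm(v) for v in values} - allowed:
                # A changed NS set suggests the delegation moved, which is
                # controlled at the registrar, so it is rated above an A change.
                severity = "critical" if rtype == "NS" else "high"
                findings.append((severity, resolver, rtype, value))
    return sorted(findings)


def split_view(observed, rtype="A"):
    """True when vantage points disagree, e.g. a change still propagating."""
    answers = {frozenset(norm(v) for v in r.get(rtype, ()))
               for r in observed.values()}
    return len(answers) > 1


if __name__ == "__main__":
    for finding in audit(BASELINE, OBSERVED):
        print(*finding)
    print("resolvers disagree on A:", split_view(OBSERVED))
```

In a live deployment the `OBSERVED` dictionary would be filled from periodic queries to several independent resolvers, with any finding routed to the on-call team.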


Hacking history


This isn't the first time Curve has been hit.


Back in 2022, Curve Finance suffered a DNS hijack in which attackers redirected users from its legitimate domain to a malicious site, resulting in approximately $570,000 in losses.


Following the attack, Curve advised users to revoke any suspicious approvals and proposed migrating to the Ethereum Name Service (ENS) to mitigate future vulnerabilities.


A year later, Curve Finance faced another exploit involving some versions of the Vyper programming language and the CRV/ETH pool.


The loss across affected DeFi projects was estimated at $24 million at the time.


Edited by Stacy Elliott.

