Curve Finance Reportedly Hacked, Users Urged to Avoid the Website

The website of Curve Finance, a major decentralized finance (DeFi) protocol, has reportedly been hacked. 

The team posted an urgent alert on X (formerly Twitter), advising users not to interact with the platform. While details remain vague, the protocol has potentially suffered a DNS hijack. 

Curve Finance Hacked – What We Know So Far

The incident has reportedly impacted multiple DeFi projects. Convex Finance and Resupply, both of which rely on Curve’s data feeds, reported outages and functionality issues. 

Both teams confirmed their own platforms remain secure, but dependent services are disrupted until Curve’s domain is restored.

Convex's website uses data from Curve, and Curve's domain name is currently suffering an attack. As a result, this data is currently unavailable, which negatively impacts most of Convex’s website. Convex's website is safe but will not work correctly until Curve’s domain name… https://t.co/d4npGmMgyn

— Convex Finance (@ConvexFinance) May 12, 2025

DNS hijacking is a type of cyberattack where attackers manipulate the Domain Name System to redirect users to malicious sites. In this case, attackers could trick users into interacting with fraudulent versions of Curve’s platform.

Security experts and users have flagged this as a strong reminder of the risks associated with DeFi frontends. Unlike decentralized smart contracts, web frontends remain vulnerable to traditional attacks such as DNS hijacking.

Projects linked to Curve, including Convex, have emphasized that while their backends are unaffected, users should avoid signing transactions or interacting with dApps tied to Curve during this period.

While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet!We are investigating and working on recovering the access.No sign of a compromise on our side https://t.co/YUmwtwt5PH

— Curve Finance (@CurveFinance) May 12, 2025

Curve Finance said it is working with affected partners to resolve the issue. As the investigation continues, further updates are expected.

This situation highlights the need for DeFi protocols to focus more heavily on frontend security. Recent DeFi hacks reflect that the front end remains an exposed vector despite decentralized architectures.

This is a developing story.