Curve Finance (CRV), a leading decentralized finance (DeFi) protocol and popular altcoin , recently revealed it was the target of a DNS-based phishing attack on its curve[.]fi domain. The team responded swiftly by alerting users via social media and rerouting traffic to curve[.]finance. Wallet providers like Phantom automatically blocked the fake domain, displaying a red warning message. The protocol infrastructure and user funds remained unaffected, with the issue contained to the DNS layer.
The Details of the DNS Attack
The attack manifested by hijacking the domain’s routing records, leading users to a malicious IP address. This method evoked memories of a similar 2022 attack on Curve Finance, where hackers quickly executed wallet-draining code, stealing thousands in cryptocurrency and causing panic within the community. This time, the protocol team quickly disseminated information to prevent potential losses, reassuring, “Funds are safe; only the DNS layer was affected.”
Following the attack, the team contacted the domain registration authority to identify the root cause and restore the redirects. They also reiterated the importance of trusting only verified channels, referencing the recent compromise of their official X account. Security firms and industry stakeholders were engaged during the incident. Some blockchain analysts noted, “Quick coordination allowed the on-chain protocol to be shielded from risk.”
Critical Security Measures for Users
Security experts remind Curve Finance users to clear browser caches, review wallet permissions, and store assets in cold wallets when possible. Manually verifying URLs when accessing DeFi protocols is cited as the first line of defense against phishing sites. Some developers propose open-source “Decentralized DNS” solutions as a long-term remedy to prevent similar incidents.
With a total value locked (TVL) exceeding $2.3 billion across 22 networks, Curve Finance, according to DefiLlama data, remains a constant target for hackers due to its size. Experts comment, “As TVL increases, so does the attack surface, forcing protocols to remain vigilant 24/7.”
The recent rise in similar DNS attacks compels participants in the cryptocurrency market to adhere more strictly to basic cybersecurity measures.
