Curve Finance Twitter Account Hacked—Scammers Push Fake Airdrop to Drain Wallets
DeFi’s security theater strikes again. Curve Finance’s official X (Twitter) account was compromised earlier today, blasting a phishing link disguised as a token giveaway to over 500K followers.
How it happened: Attackers bypassed two-factor authentication—likely via SIM-swap or insider access—before posting a malicious ’CRV airdrop’ URL. The link directed users to a cloned Curve interface designed to steal wallet approvals.
Damage control: Curve’s team regained access within 90 minutes, but blockchain analysts estimate at least $450K in crypto was siphoned during the window. The incident follows a $73M exploit of Curve’s pools in 2023—because apparently, some protocols never learn.
Bottom line: If a ’free money’ tweet smells fishier than a sushi roll at a gas station, it probably is. DeFi’s ’trustless’ mantra rings hollow when centralized social media remains the weakest link.
Curve Finance’s X account posted promises of a new reward program, posting a malicious registration link. | Source: X.com
Michael Egorov, the project’s founder, confirmed the account is still compromised, and none of the information on rewards or airdrops is true.
On-chain investigators warned against linking a wallet for the airdrop and revoking all permissions if the users connected their crypto wallet. The risk for end users lies in signing test transactions, which may come from a malicious smart contract.
The best approach is to avoid interaction with any links posted by Curve or to responses in the same threads. Usually, hacked accounts also call additional bots or scammers with fake links to revoke wallet permissions.
Soon after the first message, Curve Fi continued with messages of an upcoming CRV token airdrop, urging registration before May 20.
The messages were immediately deleted after posting, lasting 30 minutes before removal. Later, Curve Finance posted a thread establishing the Curve Reward Foundation, outlining a reward program and re-posting the risky registration link.
What raised a red flag for the Curve community is that the project has already distributed all its CRV tokens, and they have a predetermined vesting and unlocking schedule. Over 42% of CRV tokens are unlocked, with a total supply of 3.03B tokens. No other sources have announced a CRV airdrop.
Curve Finance aims to revive DeFi liquidity
Curve Finance was one of the early DeFi exchanges, going through multiple liquidations and losses for its native token.
At its peak, the protocol locked in over $23B in total value. The liquidity was wiped out during the UST depegging event and the crash of Terra (LUNA). The FTX bankruptcy further unraveled the deposits to Curve.
Currently, the protocol carries around $2B in value locked. However, Curve hopes to revive its lending activity.
Curve Llama Lend recently revived its locked value after a liquidity resupply event. Llama Lend is setting up expectations for a new DeFi summer following years of low-level activity.
The Curve ecosystem is limited, depending on the crvUSD stablecoin. The token has just 158M in supply, making for a small DeFi sector.
After the news of the hacked X account, the CRV token remained relatively unchanged. The asset is trading NEAR a three-month high on expectations. Curve may make a recovery. The protocol has been lagging behind Aave and other DeFi apps following the 2022-2023 bull market.
Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot
