Curve Finance Forced Into Domain Exodus After DNS Hijack—DeFi’s ‘Trustless’ Myth Takes Another Hit
Another day, another crypto Achilles’ heel exposed. Curve Finance scrambles to a new web address after attackers hijack its DNS—because apparently even decentralized finance can’t escape old-school cyber threats.
Security theater meets blockchain: The exploit didn’t touch smart contracts (small mercies), but still drained wallets through classic social engineering. White hats and black hats now racing to the same finish line—your private keys.
Meanwhile, institutional investors nod sagely while double-checking their cold storage. The ‘future of finance’ just got schooled by a problem AOL users faced in 1996.
Curve’s security challenges
In 2022, the protocol suffered a similar DNS hijack, which led to user losses totaling approximately $530,000. Notably, the firm was using the same registrar, iwantmyname, at the time of the attack.
The recent DNS attack comes just over a week after a separate security event in which a hacker temporarily took over Curve’s X account.
On May 5, a hacker took over the platform’s social media handle to post phishing links. The team regained control of the account quickly and said no user funds were impacted.
Security experts emphasized that the back-to-back incidents show that attackers are shifting focus from code exploits to infrastructure-based vulnerabilities.
This year, the crypto industry has lost around $2 billion to malicious actors who have exploited centralized exchanges like Bybit and several DeFi protocols.