“User funds are safe. Curve’s smart contracts remain secure,” the project team stated.
Summary:
- The main Curve Finance website became the target of a DNS attack.
- Users were redirected to a fake website containing malicious scripts.
- The protocol’s smart contracts were not affected, but the frontend was compromised.
- This is the third major security incident involving Curve in the past two years.
What exactly happened?
Curve Finance confirmed on May 14 that its frontend website had been compromised, with attackers redirecting the domain’s DNS records to a malicious IP address.
The issue is entirely at the DNS level and does not affect the core infrastructure.
The site users were redirected to mimicked the original interface but contained malicious JavaScript aimed at tricking users into approving token transfers to hackers.
Explained: How does a DNS attack work?
According to experts, the attackers modified the DNS records that link the website name (e.g., curve.fi) to the server’s IP address. This means users are actually visiting a malicious site, even though the correct URL appears in their browser.
“This is social engineering at the infrastructure level,” said Meir Dolev, co-founder of blockchain security company Cyvers.
Users may not easily notice the difference, as the fake site looks exactly the same.
What actions did Curve take?
- The team immediately isolated the issue
- Launched an internal investigation
- Collaborated with the domain registrar and security partners
- Emphasized that precautionary security measures were in place
Important: Were your funds affected?
No, if:
- You use Curve directly through verified smart contract addresses
- You did not interact with the site during the incident
Yes, potentially, if:
- You approved transactions on the fake site
- You connected your wallet and didn’t check what you were signing
History of past attacks on Curve
2022 Attack:
- Also a DNS hijack
- Losses: ~USD 570,000
- Suggested solution: migration to Ethereum Name Service (ENS)
Vyper vulnerability (2023):
- Bug in the programming language used in Curve
- Losses: ~USD 24 million across multiple DeFi projects
Conclusion:
The attack on Curve Finance highlights once again how critical infrastructure-level security is—especially for Web3 projects. While smart contracts remain intact, the web interface is a weak point—and that’s exactly where attackers focus.
Curve assures users that it will further strengthen its security measures, but for now, avoid using the main site until it is explicitly confirmed to be fully restored.
Frequently Asked Questions
Find answers to the most common questions below.
No, if you interacted directly with Curve smart contracts or didn’t use the site during the attack, your funds are safe.
Attackers modified DNS records to redirect users to a fake site that looked like Curve’s frontend but contained malicious scripts.
Not yet. Curve advises avoiding the main site until an official confirmation is made that all systems are secure and restored.
This article is for general informational purposes only and is not intended to be, and should not be construed as, legal or investment advice. Crypto-assets are highly volatile, so only invest funds that you are willing to lose and use your own research and risk management.
