“On the evening of May 12, the malefactors compromised the Curve Finance DNS server and redirected the domain to the harmful IP address of the Phishing Site with a Drainer capable of stolen from cryptomamen. Late Last Night, The Curve [.] Fi Domain Was Compromised at the DNS Level. This Exploit Redirected Traffic to A Malicious IP Not Associated with Curve Finance. No Smart Contracts or Internal Systems Were […]”, – WRITE: Businessua.com.ua
On the evening of May 12, the attackers compromised the Curve Finance DNS-server and redirect the domain on the harmful IP address Stole money from cryptomamen.
Late Last Night, The Curve [.] Fi Domain Was Compromised at the DNS Level. This Exploit Redirected Traffic to A Malicious IP Not Associated with Curve Finance. No Smart Contracts or Internal Systems Were Breached – The Protocol Itself Remains Fully Operational and Secure.
User…
– Curve Finance (@Curvefinance) May 13, 2025
“No smart contracts or internal systems have been injured – the protocol itself remains fully able and safe,” the project representatives said.
The team emphasized that the incident concerns exclusively DNS-level. Users called not using Curve domain[.]fi and move to a new address – Curve.finance.
Once the attack is discovered:
- localized the problem;
- started the investigation;
- appealed to the DNS services supplier and cybersecurity partners;
- Increased operating protocols.
“In recent weeks, the number of attacks on the infrastructure of cryptoprosectors has increased significantly. Such incidents affect the entire industry and demonstrate the need for a systematic approach to safety. We take all the necessary measures to protect users and restore the stable service of the service, ”the Curve Finance statement reads.
At the time of publication, Iwantmyname did not respond to requests for restoring access to the domain.
Dear @iwantmyname. Your Respons Time Is Totally Unsacceptable: We Need Access to Curve [.] Fi Taken Away from Hackers and The Incident to Be Investigated. As of Now, DNS Still Points to A Drainer Which Can Lead USers to Lose Millions if they interact with it!
– Curve Finance (@Curvefinance) May 13, 2025
The last update in the official X-account of the Provider is dated December 2024.
“DNS still indicates a harmful driner. Interaction with it can lead to multimillion -dollar losses! ” – warned the developers.
We will remind, according to Certik estimate, in April, the crypto industry lost $ 364 million because of hacker attacks, fraud and fractures. 92% of losses occurred on phishing campaigns.
The gun
Please wait …