• Curve Finance DNS hijacking has redirected customers to a malicious clone website.
• CRV costs slipped round 7.7% as buyers paniced and dumped the token.
• Curve Finance plans a migration from DNS to ENS to reinforce front-end safety.

Late on Could twelfth, Curve Finance warned in an X submit that its “Curve.fi” area may very well be hijacked, prompting customers to keep away from the positioning altogether.

https://t.co/voemyotq0l It seems that dns may very well be hijacked. Please do not work together!

– Curvefinance (@curvefinance) Could 12, 2025

In keeping with an replace issued by X’s Curve Finance, the attacker reroutes the official Curve web site’s DNS entry to a front-end clone designed to empty the pockets by way of a seemingly easy drainer hyperlink embedded within the web page.

The platform’s good contracts stay unaffected and safe, however the compromised area factors to IP addresses managed by malicious actors.

Pockets suppliers similar to Phantom responded shortly by blocking the “Curve.fi” handle and displaying a notable warning to customers making an attempt to attach.

Following the assault, Curve Finance started a full investigation, attracting safety companions and their area registrars to regulate and get better the actual website.

Curve DAO (CRV) Token Worth Dip

The DNS assault sparked the value of the CRV slipped to round $0.7231 on the Coinmarketcap stay chart, marking a 7.7% decline over the past 24 hours as buyers panic unfold.

As costs fell, buying and selling volumes surged past $188 million as holders competed to withdraw from positions amid the deployment of safety disaster.

Moreover, the token’s market capitalization has dropped to round $973.1 million, highlighting the precise influence of chain vulnerability.

Bitcoin’s personal retreat contributed to downward stress by $105,000 to $102,000, however analysts agree that the DNS incident served as the principle catalyst for the sale of Curve DAO (CRV).

Technical indicators present that the CRV revisits the value vary final seen earlier than the latest China-US commerce settlement, reflecting volatility and rising investor concern.

Second Curve Finance is going through DNS assaults

Could 13 is the second front-end DNS violation of the Could 13 assault marks curve finance after about $61 million was sucked up earlier than containment, following an analogous incident in July 2023.

On that event, Binance frozen greater than $450,000 after the perpetrator tried to clean the funds by way of the alternate, however the fastened float recovered about 112 ETH.

The curve then suggested the person to vary the DNS supplier and revoke all approvals associated to the compromised area, however the frontend threat remained unresolved.

The protocol’s social media channels are additionally focused, with the X account simply hijacked on Could fifth and posted a phishing hyperlink earlier than it performed on Could sixth.

Yesterday, official @curvefinance Your X account has been compromised. As you already know, entry has been utterly restored.

To be clear: the incident was strictly restricted to X accounts. Different curve accounts weren’t affected. No safety points had been discovered on our facet, no person funds… https://t.co/8bci75uzgr

– Curvefinance (@curvefinance) Could 6, 2025

Curve Finance reiterated that the person funds weren’t affected, however the cumulative sequence of infringement eroded customers’ belief within the platform’s exterior infrastructure.

Customers have expressed their dissatisfaction with Curve that’s unable to safe a public layer for Curve regardless of its sturdy on-chain protocol, and one commenter states, “If the area itself is a weak hyperlink, a safe contract is much less vital.”

Safety specialists emphasize that front-end vulnerabilities pose existential dangers to Defi, as pockets connections and transaction approvals are mediated by way of the person interface.

Business friends are carefully monitoring Curve’s remediation efforts and perceive that profitable ENS migrations can set new requirements for protocol safety.

In the meantime, buyers are seeing CRV efficiency on indicators of restoration and even additional downsides. The broader market scenario additionally performs an vital function.

Curve finance to maneuver from DNS to ENS

In response to the newest assaults, Curve Finance has confirmed its plans to desert conventional DNS in favor of the human-readable handle Ethereum Identify Service (ENS).

In contrast to DNS, ENS makes use of good contracts on Ethereum’s blockchain to handle naming, eliminating dependency on centralized registrars and internet hosting suppliers.

By shifting to ENS, Curve goals to reinforce front-end safety and reduce the assault floor that enables malicious actors to hijack their domains.

The change to “Curve.Finance” primarily based on ENS governance represents a structural shift in direction of decentralization past merely good contracts.

As Curve Finance is dedicated to restoring its official web site and finishing the ENS migration, the CRV value trajectory stays unsure within the brief time period.

For now, CRV buyers must navigate refined volatility and evolving safety measures as a battle for curve finance from one other front-end exploit.