Curve Finance just got hit, again. They suffered a breach earlier this week, and this is the second cyber attack this month.
The bad guys pulled a move called a DNS hijack, redirecting Curve’s website visitors to some shady, malicious site.
Instead of landing on Curve’s legit platform, users got sent straight into the lion’s den, risking their wallets getting drained.
Enemies at the gates
Curve was quick to jump on X, waving the red flag and warning users don’t interact, as the curve.fi DNS might be hijacked.
They clarified it wasn’t a hack on their smart contracts, those stayed untouched, but the website itself was compromised.
The hackers messed with the domain’s address, sending users to a fake site designed to steal funds. That’s the dirty trick here.
The Curve team reassured everyone that their passwords and two-factor authentication were intact, and they’re scrambling to wrest control back from the crooks.
Meanwhile, on-chain security watchdog Blockaid spotted the suspicious activity and warned users to freeze all interactions with Curve until the all-clear sounds. No signing transactions, no swapping tokens, just sit tight.
Victims
Unfortunately, the fallout doesn’t stop at Curve. Other DeFi projects, like Convex Finance and Resupply, which rely on Curve’s data feeds, got caught in the crossfire.
Their services stumbled, operations hiccupped, and users felt the ripple effects. Both teams said their core systems are safe, but until Curve’s domain is fully restored, the pain continued.
Now, if you’re wondering what DNS hijacking even means, think of it as the cyber equivalent of a crooked street sign.
Instead of pointing you to the right place, it sends you down a dark alley where the bad guys wait to rob you blind.
It’s a reminder that while DeFi’s smart contracts are tough nuts to crack, their web frontends? Maybe not so much.
Risk
Curve’s no stranger to the drama. Just last week, their official X account got hijacked, though luckily no user funds vanished.
And back in 2022, a similar DNS breach led to a $570,000 ETH theft, laundered faster than you can say blockchain. The scars run deep.
So, DeFi protocols gotta beef up front-end security, pronto. Because no matter how bulletproof smart contracts are, if the website’s a sitting duck, the whole house of cards can come tumbling down.
Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.
