Distributed Finance Protocol Curve Finance moved its official web domain from Curve.fi to Curve.finance following DNS hijacking that exposed users to phishing risk.
In a statement to Crypto.News, a Curve Finance spokesman said the new domain curve was “available and safe,” making it clear that the user fund is “always safe and secure” through the incident.
The protocol ensured that its smart contracts and internal systems were not compromised, and that all services remained fully operational.
Curve said it had switched by extending downtime and being described as limited support from the .FI domain registrar Iwantmyname.
“.fi is too long / no points to go back,” the team wrote in the X post. He added that registrars handling “.Finance domains” provide better responsiveness and reliability compared to those managing .FI domains.
The platform has reiterated that violations are strictly limited to the DNS layer and do not include unauthorized access to internal infrastructure.
“No password protection or 2FA systems have been bypassed,” a Curve Finance spokesman said.
You might like it too: DNS hijacking days after Curve Finance Battle X account breach
When asked how the violation occurred, the spokesman said the incident was “still under investigation” and the team had no details to disclose at this time.
However, they confirmed that updates will be shared as soon as more information becomes available.
In another post-incident update shared on May 13, the team said they took immediate steps to curb the threat, isolate the affected systems and begin a full investigation.
Curve also engaged with security partners and their domain registrars to work on restoring normal operations, but delayed registrar responses were a key factor in their decision to abandon the old domain.
In a subsequent update, the registrar said it successfully frozen the Curve.fi domain and effectively disables the malicious drainer.
In response to community members, the project also confirmed plans to deploy a .eth domain that leverages the Ethereum Name service, a decentralized alternative to traditional DNS infrastructure.
That will come next. It takes a little more work but it happens
– Curvefinance (@curvefinance) May 13, 2025
As previously reported by crypto.news, the DNS hijacking was first flagged by the curve team on May 12th. The attacker reroutes the traffic from Curve.fi and hosts the wallet drainer by mimicking the protocol’s interface.
The malicious page was live for several hours before access was restricted, prompting warnings from the chain’s security company BlockAid and other industry participants.
The price of Curve DAO’s native token CRV initially fell nearly 7% to an intraday low of $0.71 following the news, but has since rebounded to $0.76 at press, marking a 6% profit in the last 24 hours.
read more: Curve Finance will join forces with Ton Foundation to strengthen Stablecoin trading
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
