On May 12, Curve Finance warned in a post on X that its “.fi” domain might be hijacked and advised users to avoid the site entirely.
Seems like https://t.co/vOeMYOTq0l DNS might be hijacked. Don’t interact!
— Curve Finance (@CurveFinance) May 12, 2025
According to an update posted by Curve Finance on X, attackers redirected the official site’s DNS entries to a cloned front-end designed to drain wallets via a deceptively embedded link on the page.
While the platform’s smart contracts remain unaffected and secure, the compromised domain now resolves to an IP address controlled by malicious actors.
Wallet providers such as Phantom responded quickly by blocking the “.fi” address and showing clear warnings to users attempting to connect.
Following the incident, Curve Finance launched a full investigation, engaging security partners and its domain registrar to regain control and restore the authentic site.
DAO token (CRV) price decline
After the DNS attack, CRV dropped to approximately $0.7231 on the live CoinMarketCap chart, representing a roughly 7.7% decline over 24 hours as panic spread among investors.
As the price fell, trading volume rose above $188 million as holders rushed to exit positions amid the unfolding security crisis.
Market capitalization also fell to about $973.1 million, highlighting the tangible impact that off-chain vulnerabilities can have on on-chain assets.
Although a Bitcoin pullback from $105,000 to $102,000 contributed some downward pressure, analysts agree the DNS incident was the primary catalyst for CRV sell-offs.
Technical indicators suggest CRV is revisiting price ranges last seen before the recent China–U.S. trade agreement, reflecting heightened volatility and investor concern.
This is the second time Curve Finance has faced a DNS attack
The May 13 attack marks Curve Finance’s second front-end DNS breach, following a similar incident in July 2023 when roughly $61 million was siphoned before containment.
On that occasion, Binance froze more than $450,000 after the perpetrator attempted to launder funds through the exchange, while Fixed Float recovered around 112 ETH.
Curve Finance later changed DNS providers and advised users to revoke any approvals related to the compromised domain, but front-end risk remained unaddressed.
The protocol’s social channels were also targeted: its X account was briefly hijacked on May 5 to post phishing links before access was restored on May 6.
Yesterday, the official @CurveFinance X account was compromised. As you already know, access has been fully restored.
To clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds… https://t.co/8bci75uZGr
— Curve Finance (@CurveFinance) May 6, 2025
While Curve Finance has reiterated that user funds were not affected, the series of breaches has eroded confidence in the platform’s external infrastructure.
Users expressed frustration that public-facing layers remain vulnerable despite robust on-chain safeguards, with one commenter noting, “Secure contracts don’t mean much when the domain itself is the weak link.”
Security experts warn that front-end vulnerabilities pose existential risks for DeFi, since wallet connections and transaction approvals are mediated through user interfaces.
Industry peers are closely monitoring Curve Finance’s remediation efforts, recognizing that a successful ENS migration could set a new standard for protocol security.
Meanwhile, investors are watching CRV’s performance for signs of recovery or further decline, with broader market conditions also playing a critical role.
Curve Finance will move from DNS to ENS
In response to the latest attack, Curve Finance confirmed plans to abandon traditional DNS in favor of the Ethereum Name Service (ENS) for its human-readable addresses.
Unlike DNS, ENS uses smart contracts on the Ethereum blockchain to manage naming, removing reliance on centralized registrars and hosting providers.
By transitioning to ENS, Curve Finance aims to reinforce front-end security and shrink the attack surface that allowed malicious actors to seize its domain.
Moving to “.finance” under ENS governance represents a structural shift toward decentralization that extends beyond secure smart contracts.
As Curve Finance works to restore its official site and complete the ENS transition, CRV’s short-term price trajectory remains uncertain.
For now, CRV investors must navigate increased volatility and evolving security measures while Curve Finance attempts to recover from another front-end exploit.