Curve Finance Moves to New Domain After Phishing Attack

Curve Finance has announced a permanent shift to a new web domain following a targeted DNS attack that exposed users to phishing risks. The decentralized finance (DeFi) protocol confirmed on May 13 that it will now operate on Curve.finance, replacing the compromised Curve.fi domain.

The decision to move to the new domain was driven by the prolonged downtime and limited support from .fi domain registrars. Curve explained that the .fi domain would be down for an extended period, making it impractical to revert to the old domain. Additionally, the registrars capable of handling .fi domains were deemed less reliable compared to those managing .finance domains.

On May 12, hackers successfully hijacked the DNS records for Curve.fi, redirecting visitors to a malicious website that mimicked the protocol’s interface. This fake site attempted to deceive users into signing wallet-draining transactions. Curve assured that the issue was contained at the DNS level and that no internal systems were breached. However, the compromised website remained active for several hours due to the slow response from the domain registrar, iwantmyname, to community complaints.

Curve expressed dissatisfaction with the registrar’s response time, stating that it was unacceptable and that immediate action was needed to remove access to the compromised domain and investigate the incident. Yu Xian, the founder of blockchain security firm Slowmist, highlighted the severity of the risk, noting that the phishing gang was using deceptive tactics to steal users’ mnemonic phrases.

The compromised domain name has been frozen since the attack. This is not the first time Curve has faced such security challenges. In 2022, the protocol suffered a similar DNS hijack, resulting in user losses totaling approximately $530,000. Notably, the firm was using the same registrar, iwantmyname, at the time of the attack.

Just over a week before the DNS attack, Curve experienced another security incident when a hacker temporarily took over the platform’s social media handle to post phishing links. The team quickly regained control of the account and assured users that no funds were impacted. Security experts have emphasized that these back-to-back incidents indicate a shift in attackers' focus from code exploits to infrastructure-based vulnerabilities.

This year, the crypto industry has lost around $2 billion to malicious actors who have exploited centralized exchanges and several DeFi protocols. The recent incidents underscore the importance of robust security measures and prompt responses from domain registrars to mitigate such risks.