Attention! Curve "domain hijacked" points to a fake website, please do not connect your Wallet or sign any transactions.

curve.fi The domain is suspected of being hijacked, please pause the interaction! At present, the URL has been pointed to a malicious page, connecting to the wallet for fear of stolen assets. (Synopsis: 7 ways Bitcoin generates interest, plus new exploration by Curve founders) (Background added: ZKSync was hacked "attackers minted 100 million zk tokens"!) Hackers get rid of their hands and trigger urgent takedowns from exchanges such as Bithumb) Be careful! Stablecoin exchange protocol Curve Finance has once again reported a breach, suspected DNS (Domain Name System) hijacking, causing users to be directed to malicious websites. On-chain security firm Blockaid also issued a warning that this is a "potential front-end attack" and advised users not to interact with the Curve website or sign any transactions to avoid damage to assets. DNS points to the wrong IP, user browsing is risky The Curve team issued a warning yesterday (12th) on X, saying that "curve.fi DNS may be hijacked, please do not interact!" A follow-up note notes that the site is currently "pointing to the wrong IP," meaning that even if users go to the official URL, they may be connected to malicious pages controlled by hackers. Although Curve says that all smart contracts are still secure and passwords and two-factor authentication mechanisms are not affected, due to a vulnerability in the DNS hierarchy, users can be directed to fake websites and stolen wallet assets once they operate the page. The team has now contacted the domain registrar to investigate the cause and try to take back control. While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet! We are investigating and working on recovering the access. No sign of a compromise on our side — Curve Finance (@CurveFinance) May 12, 2025 On-chain security company Blockaid also detected that curve.fi issued abnormal requests, which were preliminarily judged to be front-end attacks, and hackers may use the buttons of the website, Forms or signing interfaces steal user information. Once a malicious transaction is signed, assets can be stolen. Blockaid appeals: "If connected, avoid signing transactions and do not interact with dApps. We are working closely with affected partners and will continue to update." URGENT: We have detected a potential frontend attack targeting @CurveFinance . If you're connected, please refrain from signing transactions and avoid interactions with the dApp until the issue is resolved. We’re working closely with affected partners. More updates soon. — Blockaid (@blockaid_) May 12, 2025 Second attack in a week, Curve security put to the test This is the second attack on Curve Finance this week. On May 6, its official X account was hacked, but the team stressed at the time that it was limited to the social account level and did not affect other platforms or user funds. However, the two attacks in just a few days also made the community question the resilience of Curve in protecting critical infrastructure. It's worth noting that Curve had a similar incident in August 2022, when hackers stole users' money through fake websites, causing losses. Despite the subsequent publication of incident reports and the strengthening of some security mechanisms, they are still stuck in the old disaster, showing that front-end attacks are still a weakness that DeFi protocols cannot guard against. Remind users that in addition to contract auditing, they should also maintain a high degree of vigilance on the website side. Yesterday, the official @CurveFinance X account was compromised. As you already know, access has been fully restored. To clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds... — Curve Finance (@CurveFinance) May 6, 2025 Related Stories Monero Market Cap Jumps $1.5 Billion in One Day: Why Hackers Don't Like Bitcoin Anymore? Hackers teach you how to use 0.01 BNB "white" CZ? The world's lowest Internet penetration" Why is North Korean hacker Lazarus so strong? Repeatedly breached the safety nets of major enterprises, Lhasa Road became Kim Jong-un's money-making machine to develop nuclear weapons 〈Attention! Curve "domain hijacked" points to fake websites, don't connect wallets and sign any transactions for the time being" This article was first published in BlockTempo's "Dynamic Trend - The Most Influential Blockchain News Media".