On May 12, 2025, hackers compromised the '.fi' DNS of Curve Finance, directing users to a fraudulent website designed to steal wallet signatures. This incident marked the second attack on Curve Finance in a week, exploiting vulnerabilities at the DNS level rather than breaching the protocol itself. Similar tactics were employed during a previous attack in August 2022, where users lost funds to a cloned website. Attackers can hijack DNS through methods like local modifications, router takeovers, and registrar-level breaches. The DNS is fundamental to internet navigation, converting domain names to IP addresses. After the May attack, Curve responded by redirecting the domain to neutral servers and launching a secure alternative site while maintaining operational functionality. They communicated with users through official channels and initiated recovery processes. The incident highlights the risks associated with centralized web infrastructure in DeFi, emphasizing the need for decentralized solutions like Ethereum Name Service (ENS). Projects must secure registrar accounts, implement DNS security extensions, and educate users to protect against similar vulnerabilities.

Source 🔗