Curve Finance Ditches .fi Domain After Shocking DNS Hijack!

New .finance Domain Up and Running, User Funds Safe

Holy smokes, Curve Finance just pulled off a major move, switching their official web domain from Curve.fi to Curve.finance after a wild DNS hijack that left users vulnerable to phishing attacks. Talk about a close call!

In an exclusive chat with us, a Curve Finance spokesperson dropped the news that the new Curve.finance domain is "available and safe to use." They also made it crystal clear that user funds were "secured and safe at all times" during this crazy incident. Phew!

The protocol's team confirmed that their smart contracts and internal systems were never touched, and all services are still running like a well-oiled machine.

So, why the switch? Curve said it was due to the .fi domain being down for way too long and getting the cold shoulder from the registrar, Iwantmyname. They're not messing around anymore!

"The .fi will be down for too long / no point of moving back," the team blasted out on X. They also threw some shade at the .fi domain registrars, saying that the ones handling ".finance domains" are way more responsive and reliable. Ouch!

The platform made it loud and clear that the breach was strictly a DNS layer issue and didn't involve any unauthorized access to their internal infrastructure. They're not playing around with security!

"None of our password protections or 2FA systems were bypassed," the Curve Finance spokesperson declared. They're keeping their guard up!

When we grilled them on how the breach went down, the spokesperson said it's "still under investigation" and they don't have any more juicy details to spill right now. But don't worry, they promised to keep us in the loop as soon as they know more.

In a post-incident update on May 13, the team revealed that they jumped into action to contain the threat, isolate the affected systems, and kick off a full-blown investigation. They're not taking this lying down!

Curve also brought in security partners and their domain registrar to help get things back to normal, but the slow response from the registrar was the final straw in their decision to ditch the old domain. They're not waiting around for anyone!

In another update, they said that the registrar finally got their act together and froze the Curve.fi domain, shutting down the malicious drainer. It's about time!

And get this, in response to a community member, the project confirmed they're working on introducing a .eth domain using the Ethereum Name Service. It's a decentralized alternative to the traditional DNS infrastructure, and they're not stopping until it's done!

"That will come next. Needs slightly more work, but will happen," they said. They're not backing down from a challenge!

The DNS hijack was first spotted by the Curve team on May 12, and it was a wild ride. The attackers rerouted traffic from Curve.fi to a fake website that looked just like the protocol's interface and had a wallet drainer ready to pounce. It was live for hours before they could shut it down, and on-chain security firm Blockaid and other industry players were sounding the alarm.

And the price of CRV, Curve DAO's native token, took a hit, dropping nearly 7% to an intraday low of $0.71 after the news broke. But it's been fighting back, rebounding to $0.76 at press time, with a 6% gain in the last 24 hours. It's not going down without a fight!