Curve Finance in Chaos: DNS Hijack Sends Users to Wallet-Draining Clone!

Curve Warns: Stay Away from Our Site!

Hold onto your wallets, folks! Curve Finance just threw up a huge red flag, screaming at users to steer clear of its website. Why? Because some sneaky hackers hijacked the domain name system and are sending unsuspecting visitors straight into a trap—a malicious clone site set up to bleed your wallets dry!

Curve's Urgent Alert on X

On May 12, the DeFi maestros over at Curve Finance blasted an SOS on X, yelling, "curve.fi DNS might be hijacked!" They told everyone to keep their hands off the site until they get things under control.

How'd They Do It?

So, what went down? The hackers managed to reroute Curve's official website through a sneaky frontend hijack. That's where they mess with the parts you interact with—buttons, forms, scripts—to snatch your inputs or trick you into okaying bad transactions. Scary stuff, right?

The Danger of Visiting

If you're unlucky enough to hit up the hijacked site, you might end up linking your wallet and, boom, the hackers have a free pass to your crypto stash. Yikes!

Curve's Smart Contracts Safe, But...

In a follow-up, Curve let everyone know their smart contracts are still locked down tight, but the domain's now pointing to the wrong IP. Not good.

Curve Fights Back

Curve's not taking this lying down. Their two-factor authentication is still secure, and they've hit up the domain registrar for help to wrestle back control of their DNS.

Investigation Ongoing

The Curve crew's deep in the trenches, still digging into what went wrong. They're begging users to keep away from the site until they fix the mess.

Hackers' Lazy Hack

"The hackers barely even tried," scoffed David Zhang, co-founder of Stably. He pointed out on X that these crooks just swapped out the site with a clickable screenshot and a drainer link. Could've been way worse, he said.

Curve's Troubled History

This isn't Curve's first rodeo with DNS drama. Back in August 2022, attackers pulled a similar stunt, swiping over $570,000 before Curve could stop the bleeding. Binance and Fixed Float managed to freeze some of the stolen loot, but it was a close call. Curve switched up their DNS provider and told users to cut ties with the compromised domain.

Market Feels the Heat

The latest hijack's got everyone on edge, and CRV, Curve DAO's native token, took a 7% nosedive in the last 24 hours.

Curve's X Account Hacked Too

And if that wasn't enough, just days ago on May 5, some hacker snagged Curve's X account and started spamming phishing links. Thankfully, Curve locked it down fast, and no user funds were touched.

Curve's Reassurance

"No security issues were found on our side, no user funds were impacted, no victims of phishing links which the hacker posted. All Curve systems remain fully operational," Curve declared on X on May 6.

Phishing Frenzy in Crypto Land

It's not just Curve feeling the heat. Other crypto projects and big names have had their X accounts hijacked recently, with hackers pushing phishing links and scam tokens left and right.