Curve Finance Warns Users of DNS Hijacking Targeting Its Official Domain

DeFi protocol Curve Finance has issued a key security warning with the latest X post, impacting the crypto community.

Announcing the hacking of curve.fi – its official domain – the platform has urged users to avoid interacting with the website, which is currently redirecting to a clone site that could drain user assets with a single click.

The team stated:

“While all smart contracts are safe, the domain name (curve.fi) is pointing to a malicious site which can drain your wallet. We are investigating and working on recovering access.”

The team is working to regain access to the website, which is currently redirecting to a clone site that could drain user assets with a single click. A single click could see users transfer their entire fortune to the scammers.

These incidents have contributed to the massive losses incurred by crypto investors every year.

That explains the sudden sentiment shift among CRV investors.

The altcoin confirms the prevailing uncertainty in its price actions.

CRV has returned to regions it explored before the latest trade deal between China and the US.

The native token trades at $0.7181 after losing more than 7% of its value in the past 24 hours.

Bitcoin's retreat from $105K to $102K at press time also contributed to CRV's weakness, but the latest hacking incident exacerbated the alt's downside.

What are DNS attacks?

With innocent investors and traders suffering massive losses due to scammers, DNS (Domain Name System) hijacks aren’t new in the digital assets industry.

The scams work by redirecting users from legitimate sites to a malicious version, which prompts users to transfer assets to scammers’ wallets.

The attackers manipulate DNS servers to redirect traffic to imposter sites that facilitate the fraud.

Therefore, a single click could cause innocent investors and traders to lose considerable losses.

User trust dented

The team confirmed that smart contracts, which are at the heart of Curve’s infrastructure, remained secure.

That means the platform’s decentralized backend is functioning normally.

Nevertheless, front-end trust remains paramount. Daily users utilize the site interface to access DeFi protocols.

That poses a risk, as even a short-lived DNS attack could see enthusiasts lose assets by unknowingly performing malicious transactions.

That explains the sudden frustrations within the Curve community, especially as the team hasn't issued a timeline to solve the issue.

One user commented:

“Really important reminder for folks navigating DeFi these days. Secure contracts don’t matter much when the domain itself becomes the weak link.”

Solution?

While the Curve team battles to regain the website, users remain unsatisfied. Most question how the protocol will prevent such occurrences in the future.

But Curve Finance confirmed plans to ditch DNS for ENS (Ethereum Name Service).

While the two facilitate human-readable name usage on online resources, they differ in control and technology.

DNS boasts a centralized system managed by hosting providers and registrars, whereas ENS is an Ethereum-based naming service that leverages smart contracts to name ETH addresses.

CRV price takes a hit

Curve’s native token reacted to the spreading fear with a downtrend.

It hovers at $0.7181 after an over 7% decline on its 24-hour chart.

The surging trading volume likely highlights increased activity from investors looking to exit to avoid further losses amid the hacking uncertainty.

With the broader crypto market correcting after the latest rally, CRV could faces more downside before regaining ground.