Curve Finance, one of DeFi’s most established protocols, has confirmed that its curve.fi domain was compromised via a DNS-level attack. While no smart contracts or internal systems were breached, the incident sparked widespread concern in the crypto community about DeFi infrastructure security.
Now, Curve founder Michael Egorov has finally broken his silence, offering insights into what went wrong and what’s being done to prevent future attacks.
Curve Finance DNS Hijack: How the Exploit Unfolded
According to an official statement on X, the exploit targeted Curve’s DNS layer, redirecting users to a malicious IP address not controlled by the protocol. Crucially, no funds were lost, and Curve’s core infrastructure, including its smart contracts, remained fully operational.
Late last night, the curve [.] fi domain was compromised at the DNS level. This exploit redirected traffic to a malicious IP not associated with Curve Finance. No smart contracts or internal systems were breached—the protocol itself remains fully operational and secure.
— Curve Finance (@CurveFinance) May 13, 2025
User…
Curve immediately:
- Isolated the issue to the DNS layer
- Launched a full investigation
- Reinforced operational security protocols
- Engaged with its domain registrar and security partners
The team also urged users not to interact with the curve.fi domain until an official update was shared through verified communication channels.
This attack reflects a growing trend of DNS-based exploits targeting high-profile DeFi platforms, raising fresh alarms about the vulnerability of front-end infrastructure.
Egorov Speaks Out – “It Was a Warning Shot”
Speaking to Decrypt, Egorov acknowledged the seriousness of the event, calling it a “wake-up call for DeFi protocols”. He stressed that while Curve’s backend systems remained untouched, the attack exposed how even non-custodial platforms can suffer front-end exploits that damage user trust.
“We’ve always focused on smart contract security, but this shows that DNS is now a top-tier attack vector. It’s time we treat it as such,” Egorov said.
He added that Curve is now implementing enhanced domain-layer protections, including:
- Real-time DNS monitoring
- Domain registrar redundancies
- 24/7 protocol-side user alerts for anomalous redirects
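As an added illustration of what real-time DNS monitoring can look like (this is not Curve's code or tooling), the Python sketch below compares answers seen from different resolvers against a pinned baseline and raises alerts on drift. The baseline, resolver names and addresses are constructed, and watching NS records and TTLs in addition to A records is an assumption of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed baseline for a hypothetical zone. The address ranges are the
# RFC 5737 documentation blocks, not any real deployment.
BASELINE = {
    "a_networks": [ip_network("192.0.2.0/24")],
    "nameservers": frozenset({"ns1.dns-host.example.", "ns2.dns-host.example."}),
    "min_ttl": 300,
}

@dataclass(frozen=True)
class Observation:
    resolver: str            # vantage point that produced the answer
    a_records: tuple         # A records returned for the monitored name
    nameservers: frozenset   # NS set returned for the zone
    ttl: int                 # TTL on the A answer, in seconds

def check(obs, baseline=BASELINE):
    """Return alert strings for one observation; an empty list means no drift."""
    alerts = []
    for ip in obs.a_records:
        if not any(ip_address(ip) in net for net in baseline["a_networks"]):
            alerts.append(f"{obs.resolver}: A record {ip} is outside the expected networks")
    ns = frozenset(n.lower() for n in obs.nameservers)
    if ns != baseline["nameservers"]:
        alerts.append(f"{obs.resolver}: NS set changed to {sorted(ns)}")
    if obs.ttl < baseline["min_ttl"]:
        alerts.append(f"{obs.resolver}: TTL {obs.ttl}s is below the {baseline['min_ttl']}s floor")
    return alerts

def split_view(observations):
    """True when vantage points disagree on the A set, as happens mid-propagation."""
    return len({frozenset(o.a_records) for o in observations}) > 1

# Constructed observations; a real monitor would fill these from live queries
# to several resolvers on a schedule.
SAMPLES = [
    Observation("resolver-a", ("192.0.2.10",), BASELINE["nameservers"], 300),
    Observation("resolver-b", ("203.0.113.66",),
                frozenset({"ns1.other-host.example.", "ns2.other-host.example."}), 60),
]

if __name__ == "__main__":
    for o in SAMPLES:
        for alert in check(o):
            print("ALERT", alert)
    if split_view(SAMPLES):
        print("ALERT resolvers disagree on A records")
```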
This isn’t the first time Curve has dealt with cyber threats. But Egorov’s public response signals a more proactive stance on full-stack security, including the often-overlooked web infrastructure layer.
Final Thoughts: A Reminder That DeFi Still Has Front-End Risks
The Curve Finance DNS exploit is a clear reminder that DeFi’s greatest vulnerabilities aren’t always on-chain. As protocols grow in value and visibility, bad actors are targeting more centralized weak points like domains, interfaces, and API layers.
The quick containment of the exploit—and Egorov’s transparency—have reassured much of the community. Still, this case reinforces the need for comprehensive, multi-layer security audits that go beyond just smart contracts.
For users, the takeaway is simple: Always verify URLs, follow protocol updates closely, and be wary of front-end anomalies. And for DeFi builders, Curve’s experience may set a new baseline for infrastructure hardening.