tl;dr
Curve Finance, a major DeFi protocol, has reportedly been hacked via a DNS hijack, leading to users being advised not to interact with the platform. This attack has disrupted services of related projects like Convex Finance and Resupply, which rely on Curve’s data feeds, though their own platforms r...
Curve Finance's website suffered a DNS hijack, potentially redirecting users to malicious sites and disrupting access to the platform.
Dependent DeFi projects like Convex Finance and Resupply experienced outages due to reliance on Curve's compromised data feeds.
Curve Finance and partners confirmed backend smart contracts remain secure but urged users to avoid interacting with the compromised frontends.
The incident underscores the persistent vulnerability of DeFi frontends to traditional cyberattacks despite decentralized backend security.
Curve Finance is actively investigating and collaborating with affected partners to restore domain control and platform functionality.
Curve Finance, a major DeFi protocol, has reportedly been hacked via a DNS hijack, leading to users being advised not to interact with the platform.
This attack has disrupted services of related projects like Convex Finance and Resupply, which rely on Curve’s data feeds, though their own platforms remain secure.
The DNS hijacking redirects users to malicious sites, posing risks despite the smart contracts being safe.
Curve Finance is investigating and working to recover access while urging caution.
This incident underscores the vulnerabilities of DeFi frontends and the importance of enhanced frontend security.
Further updates are expected as the situation develops.
The website of Curve Finance, a major decentralized finance (DeFi) protocol, has reportedly been hacked.
The team posted an urgent alert on social media, advising users not to interact with the platform.
While details remain vague, the protocol has potentially suffered a DNS hijack.
The incident has reportedly impacted multiple DeFi projects.
Convex Finance and Resupply, both of which rely on Curve’s data feeds, reported outages and functionality issues.
Both teams confirmed their own platforms remain secure, but dependent services are disrupted until Curve’s domain is restored.
DNS hijacking is a type of cyberattack where attackers manipulate the Domain Name System to redirect users to malicious sites.
In this case, attackers could trick users into interacting with fraudulent versions of Curve’s platform.
Security experts and users have flagged this as a strong reminder of the risks associated with DeFi frontends.
Unlike decentralized smart contracts, web frontends remain vulnerable to traditional attacks such as DNS hijacking.
Projects linked to Curve, including Convex, have emphasized that while their backends are unaffected, users should avoid signing transactions or interacting with dApps tied to Curve during this period.
While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet!
Curve Finance said it is working with affected partners to resolve the issue.
As the investigation continues, further updates are expected.
This situation highlights the need for DeFi protocols to focus more heavily on frontend security.
Recent DeFi hacks reflect that the front end remains an exposed vector despite decentralized architectures.
This is a developing story.