What is DNS hijacking? How it took down Curve Finance’s website
Curve Finance attackers used DNS hijacking to exploit its front end, redirecting users to a fake site and draining wallets.
On May 12, 2025, at 20:55 UTC, hackers hijacked the “.fi” domain name system (DNS) of Curve Finance after managing to access the registrar. They began sending its users to a malicious website, attempting to drain their wallets. This was the second attack on Curve Finance’s infrastructure in a week.
Users were directed to a website that was a non-functional decoy, designed only to trick users into providing wallet signatures. The hack hadn’t breached the protocol’s smart contracts and was limited to the DNS layer.
English
Spanish
French
German
Arabic
Chinese (Simplified)
Russian
Portuguese
Indonesian
Dutch
Afrikaans
Italian
Vietnamese
Bulgarian
Croatian
Danish
Greek
Hebrew
Hindi
Hungarian
Irish
Japanese
Korean
Norwegian
Persian
Polish
Romanian
Somali
Swedish
Thai