Curve Finance confirms migration to new domain after DNS hijack

Decentralized finance protocol Curve Finance has moved its official web domain from Curve.fi to Curve.finance following a DNS hijack that exposed users to phishing risks.

In a statement to crypto.news, a Curve Finance spokesperson said the new domain Curve.finance is “available and safe to use,” while clarifying that user funds remained “secured and safe at all times” throughout the incident.

The protocol confirmed that its smart contracts and internal systems were never compromised, and that all services remain fully operational.

Curve said it made the switch due to extended downtime and what it described as limited support from the .fi domain registrar, Iwantmyname.

“The .fi will be down for too long / no point of moving back,” the team wrote in an X post. It added that registrars handling “.finance domains” offer better responsiveness and reliability compared to those managing .fi domains.

The platform reiterated that the breach was strictly limited to the DNS layer and did not involve any unauthorised access to internal infrastructure.

“None of our password protections or 2FA systems were bypassed,” the Curve Finance spokesperson said.

When asked how the breach occurred, the spokesperson said the incident is “still under investigation” and the team does not have further details to disclose at this time. 

However, they confirmed that updates will be shared as soon as more information becomes available.

In a separate post-incident update shared on May 13, the team said it took immediate steps to contain the threat, isolate the affected systems, and begin a full investigation. 

Curve also engaged security partners and its domain registrar to work on restoring normal operations, though the delay in registrar response was a key factor in the decision to abandon the old domain.

In a subsequent update, it said that the registrar had successfully frozen the Curve.fi domain, effectively disabling the malicious drainer.

Responding to a community member, the project also confirmed plans to introduce a .eth domain, which leverages the Ethereum Name Service, a decentralized alternative to traditional DNS infrastructure.

That will come next. Needs slightly more work, but will happen

— Curve Finance (@CurveFinance) May 13, 2025

As previously reported by crypto.news, the DNS hijack was first flagged by the Curve team on May 12. The attackers had rerouted traffic from Curve.fi to a spoofed website that mimicked the protocol’s interface and hosted a wallet drainer. 

The malicious page was live for several hours before access was restricted, prompting warnings from on-chain security firm Blockaid and other industry participants.

The price of CRV, the native token of Curve DAO, initially fell nearly 7% to an intraday low of $0.71 following the news, but has since rebounded to $0.76 at press time, marking a 6% gain over the past 24 hours.
