What is DNS hijacking? How it took down Curve Finance’s website
Curve Finance attackers used DNS hijacking to exploit its front end, redirecting users to a fake site and draining wallets.
On May 12, 2025, at 20:55 UTC, hackers hijacked the “.fi” domain name system (DNS) of Curve Finance after managing to access the registrar. They began sending its users to a malicious website, attempting to drain their wallets. This was the second attack on Curve Finance’s infrastructure in a week.
Users were directed to a website that was a non-functional decoy, designed only to trick users into providing wallet signatures. The hack hadn’t breached the protocol’s smart contracts and was limited to the DNS layer.
