Blog
/
DeFi
Expert verified
5 min read

Curve Finance Loses Over $520K After DNS Hijack

Ayush Pande
Written by:
Ayush Pande
Reviewed by:
Ayush Pande
Curve Finance Loses Over $520K After DNS Hijack
Our Editorial Standards:

Cryptocurrencies can be volatile and high risk. Though our articles are for informational purposes only, they are written in accordance with the latest guidelines from tax agencies around the world and reviewed by certified tax professionals before publication. Learn more about our Risk Warning and Our Editorial Process.

The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end. The perpetrator took control over curve.fi website's nameserver and stole at least $520K in just a few minutes after carrying out the attack.

The attack occurred just over a week after the exchange platform deployed the AAVE pool. Lefteris Karapetsas, the founder of security application Rotikapp, claims the attack was carried out by hijacking DNS; the hacker cloned Curve Finance's website and hacked the DNS to redirect to the fake website, where they added approval requests to their tampered contract.

Lefteris links the contract and claims that within an hour and a half, the perpetrator was able to launder $500K as ETH and $20K as other tokens.

In response, Curve Finance has changed its nameserver but cautions users to avoid using it yet and asks them to revoke any contracts made in the past few hours on the platform's front end using revoke.cash.

How we reviewed this article

All Bitcompare articles go through a rigorous review process before publication. Learn more about our Risk Warning and the Bitcompare Editorial Process.

Curve Finance Loses Over $520K After DNS Hijack

The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end.
Dot
April 6, 2025
Ayush Pande

As a tech enthusiast who's always on the prowl for the latest developments concerning crypto and hardware, you can find him covering news stories or tinkering with PCs.

TABLE OF CONTENTS

The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end. The perpetrator took control over curve.fi website's nameserver and stole at least $520K in just a few minutes after carrying out the attack.

The attack occurred just over a week after the exchange platform deployed the AAVE pool. Lefteris Karapetsas, the founder of security application Rotikapp, claims the attack was carried out by hijacking DNS; the hacker cloned Curve Finance's website and hacked the DNS to redirect to the fake website, where they added approval requests to their tampered contract.

Lefteris links the contract and claims that within an hour and a half, the perpetrator was able to launder $500K as ETH and $20K as other tokens.

In response, Curve Finance has changed its nameserver but cautions users to avoid using it yet and asks them to revoke any contracts made in the past few hours on the platform's front end using revoke.cash.

Curve Finance Loses Over $520K After DNS Hijack

HomeDeFi
Contents

The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end. The perpetrator took control over curve.fi website's nameserver and stole at least $520K in just a few minutes after carrying out the attack.

The attack occurred just over a week after the exchange platform deployed the AAVE pool. Lefteris Karapetsas, the founder of security application Rotikapp, claims the attack was carried out by hijacking DNS; the hacker cloned Curve Finance's website and hacked the DNS to redirect to the fake website, where they added approval requests to their tampered contract.

Lefteris links the contract and claims that within an hour and a half, the perpetrator was able to launder $500K as ETH and $20K as other tokens.

In response, Curve Finance has changed its nameserver but cautions users to avoid using it yet and asks them to revoke any contracts made in the past few hours on the platform's front end using revoke.cash.

Ayush Pande

As a tech enthusiast who's always on the prowl for the latest developments concerning crypto and hardware, you can find him covering news stories or tinkering with PCs.

The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end. The perpetrator took control over curve.fi website's nameserver and stole at least $520K in just a few minutes after carrying out the attack.

The attack occurred just over a week after the exchange platform deployed the AAVE pool. Lefteris Karapetsas, the founder of security application Rotikapp, claims the attack was carried out by hijacking DNS; the hacker cloned Curve Finance's website and hacked the DNS to redirect to the fake website, where they added approval requests to their tampered contract.

Lefteris links the contract and claims that within an hour and a half, the perpetrator was able to launder $500K as ETH and $20K as other tokens.

In response, Curve Finance has changed its nameserver but cautions users to avoid using it yet and asks them to revoke any contracts made in the past few hours on the platform's front end using revoke.cash.

Written by
Ayush Pande