On May 13, the DeFi protocol confirmed that it will operate on Curve.finance, replacing the compromised Curve.fi.
The protocol explained that it was making the move because of the prolonged downtime and limited support from .fi domain registrars.
“[The] .fi [domain] will be down for too long / no point of moving back. Also registrars who can hold .fi are somewhat not as great as those who can deal with .finance.”
Following the incident, Curve said that the issue was contained at the DNS level and that no internal systems were breached.
However, the compromised website was left on for several hours as the domain registrar, iwantmyname, failed to respond to community complaints.
“[The registrar’s] response time is totally unacceptable: we need access to curve [.] fi taken away from hackers and the incident to be investigated.”
“The phishing gang [was] playing dirty tricks at the front end with fake wallet pop-up scams, directly fishing for mnemonic phrases… I have to say, this is pretty sleazy.”
The compromised domain name has been frozen since the attack.
Meanwhile, the recent DNS attack comes just over a week after a separate security event in which a hacker temporarily took over Curve’s X account.
Meanwhile, security experts emphasized that the back-to-back incidents show that attackers are shifting focus from code exploits to infrastructure-based vulnerabilities.
