VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Curve Finance’s official website and X account were compromised in quick succession. On May 5, attackers first took control of the project’s X account and used it to post a phishing message promoting a fake airdrop. Then on May 12, the project issued a warning that the Curve frontend had been “hijacked,” in what appeared to be a domain takeover incident. Attack method (per SlowMist): Account Compromise. Reported loss: -.
Primary source
https://www.web3isgoinggreat.com/?id=curve-finance-website-and-twitter-account-hacked ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Curve Finance
- bug_class
- infrastructure
- date_occurred
- 2025-05-05
- loss_usd
- —
- source_id
- sm:curve-finance::2025-05-05
Related — same bug class· infrastructure