June 9, 2025
Detections

Hypernative Detection: $3.5M Frontend Attack on Curve Finance

The Hypernative platform detected the drainer address involved in the heist 2 hours before the phishing attack claimed its first victim

Hypernative

On May 12, 2025, Curve Finance, a decentralized liquidity pool for stablecoin trading, lost $3.5M after malicious actors hijacked its frontend. The Hypernative platform detected the phishing address used to drain user funds 2 hours before the execution, making the loss of funds entirely avoidable.

The Curve Finance frontend experienced a domain hijacking attack, allowing attackers to access the registrar and change the DNS settings. Users were redirected to a malicious look-alike site that had no functionality and only prompted users for wallet signatures. Further analysis of the attack revealed that the scammer’s wallet was directly linked to the notorious Inferno Drainer infrastructure.

Read more: Anatomy of a Hack: Wallet Drainers and the Tools to Cut the Flow

Detection Timeline

The Hypernative platform accurately detected the phishing address used to drain users' funds 2 hours before the execution.

Prevention > Postmortems

What made this attack especially dangerous—and increasingly common—was the seamless integration between a hijacked frontend and a wallet-drainer-as-a-service backend. Once users were lured to the spoofed Curve site, the malicious interface handed off wallet interactions to a drainer system designed to automate the theft. Frontend compromises are no longer isolated incidents—they are on-ramps into industrialized theft ecosystems that exploit user trust and interface fragility.

For asset managers and institutional users of DeFi protocols, Hypernative Guardian offers real-time transaction security that analyzes every transaction in real-time, simulating outcomes and enforcing your custom security policies before funds leave your wallet. The Guardian would have blocked the malicious drainer address used in the Curve hack even before the frontend attack took place.

Reach out for a demo of Hypernative’s solutions, tune into Hypernative’s blog and our social channels to keep up with the latest on cybersecurity in Web3.

Secure everything you build, run and own in Web3 with Hypernative.

Website | X (Twitter) | LinkedIn

Secure everything you build, run, and, own onchain

Book a demo