- Hackers used Curve’s official X account to promote a fake CRV airdrop scam, urging users to connect their wallets to a malicious link.
- Curve Finance confirmed the attack only affected its X account and has resumed its official 6.5% CRV interest rewards campaign.
- Users must register by May 20 to claim CRV rewards or risk unclaimed tokens being reallocated to the Curve DAO Treasury Pool.
Curve Finance’s official X (formerly Twitter) account was compromised on Monday, triggering security concerns across the crypto community. The breach led to the promotion of a fake $CRV airdrop, which urged users to register via a suspicious link before an alleged snapshot.
Hacked Post Promotes Scam Airdrop to Thousands of Users
A tweet posted during the breach falsely claimed Curve was launching its “first CRV airdrop,” linking users to a malicious site masked as curve.fi. It mentioned a one-week registration period with a snapshot deadline set for Sunday midnight UTC. According to a post by CryptosRus, this was a reminder “not to click suspicious links,” warning that “nobody is giving free crypto.”
The tweet has since been deleted, but not before drawing attention from prominent community members. Michael Egorov, Curve’s founder, confirmed the breach and emphasized that no other system was compromised; only the X account was affected. “Control over the X account was just silently taken,” he stated from his handle.
Curve Restores Access and Reaffirms Reward Timeline
Shortly after the breach, Curve Finance announced the resumption of its planned $CRV interest rewards distribution. According to a report by Curvefi, rewards will begin on May 29 and offer up to 6.5% of total position value to over 11,632 eligible users. The payout structure will be based on user position size and health metrics, with token exposure remaining native to CRV.
Moreover, Curve clarified that unclaimed tokens after May 31 will be redirected to the Curve DAO Treasury Pool. Users must register before May 20 to be included in the allocation process. This ensures efficient custody planning and reinforces the protocol’s decentralized treasury management strategy.
Security Response and Community Coordination Praised
The recovery was rapid, with assistance from Security Alliance, Char, ChainPatrol.io, 9GAGCEO, and others who coordinated with the X support team. Community members, including Hayden Adams, also contributed to tracking and alerting users about the malicious activity. Within hours, access to the official handle was restored.
The method used by attackers remains undisclosed, with speculation ranging from phishing to leaked credentials or social engineering. Until Curve releases a full post-mortem, experts urge users to verify all communications via the official Curve website and trusted channels.
