Curve Finance got hit hard earlier this month with a major DNS hijack, shining a spotlight on the sneaky, high-tech tricks hackers are pulling on crypto firms. From hijacked social media accounts to front-end exploits and smart contract loopholes, the Web3 world is under siege like never before. As DeFi and crypto popularity skyrocket, so do hacker attacks; they’re practically the new normal.
Crypto’s Security Woes Are Different and Way Tougher
Egorov, co-founder of Curve, explained that while traditional web security flaws aren’t new, Web3’s stakes are sky-high because crypto transactions are final and irreversible. “Internet infrastructure wasn’t built for this,” he said. Curve, a DeFi powerhouse, has faced serious hacks before, but this latest DNS hijack forced it to switch its official domain.
He’s convinced the problem isn’t what Curve did (or didn’t do), but the very foundation of the web itself.
“We need secure desktop apps built from the ground up with safety as the top priority,” Egorov insisted.
The crux? Web3 apps still rely on clunky old DNS to point their domain names at the hosting that serves their static front ends. If hackers bribe or trick DNS registrars, boom, they get in. This is exactly what happened to Curve.
Add to that the mess of thousands of tiny JavaScript packages that are nearly impossible to fully audit, and you’ve got plenty of backdoors hackers love to exploit. Web3, it seems, is still vulnerable to old-school Web2 attacks.
Radical Fixes Needed for a Safer Web3 Tomorrow
Egorov isn’t all doom and gloom. He says big changes are coming, like Ethereum Name Service (ENS), a blockchain-native alternative to DNS that could nix these attacks, if browsers get on board.
But making crypto truly secure means overhauling how web apps work, ditching web tech altogether, and probably giving up traditional ways to monetize web traffic. “It’s a lot of work,” Egorov admits, “but institutions with big money want it.”
Same thing applies to the new owner of iwantmyname - https://t.co/IqIWYxCz4p. Believe it or not, the .fi domain is still not given back and support responds very slowly.
— Michael Egorov (@newmichwill) May 19, 2025
I get it, they probably investigate a hack or something on their side, but some comms would be good https://t.co/ydzGJW3P9d
While these ideas sound wild, Egorov believes the main problem is social, not tech, meaning the tools exist, but getting everyone on board is the challenge.
Until then, his advice is simple: DeFi should shift to dedicated desktop apps, slamming the door on those massive web attack surfaces.
“As I said, frontend apps are just too risky right now,” he said. “We need safer, dedicated desktop apps for DeFi.”
