Curve Finance Fake Airdrop After Twitter/X Compromise
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Curve Finance is a leading DeFi platform launched in January 2020, known for its efficient stablecoin trading, low-slippage swaps via an AMM model, and rewards for liquidity providers. Its specialized bonding curves are designed for minimal price impact, especially in high-volume stablecoin transactions. In May 2025, Curve's X account was briefly compromised by attackers promoting a fake airdrop, but the breach was limited to the social media account, with no impact on user funds or systems. The team quickly restored access, issued a public update, and is continuing to investigate the cause while remaining fully operational.[1][2][3][4][5][6][7][8][9][10][11][12][13][14]
About Curve Finance
Curve Finance has established itself as a leading platform in the decentralized finance (DeFi) ecosystem, offering efficient stablecoin trading, liquidity provision opportunities, and innovative financial products.
Launched in January 2020, Curve Finance utilizes an Automated Market Maker (AMM) model, allowing users to trade directly against liquidity pools rather than relying on traditional order books. This approach minimizes price slippage, making it particularly advantageous for traders dealing with stablecoins like USDC, DAI, and USDT.
One of Curve's distinctive features is its specialized bonding curves tailored for stablecoin swaps. These curves are optimized to maintain tight price spreads, ensuring that users can execute trades with minimal price impact. This design is especially beneficial for large-volume transactions, as it reduces the potential for significant price fluctuations during trades.
In addition to its core trading functionalities, Curve Finance offers opportunities for liquidity providers to earn rewards. By supplying assets to various liquidity pools, users can earn a portion of the trading fees generated on the platform. The governance of Curve is decentralized through the Curve DAO, where holders of the CRV token can participate in decision-making processes related to the protocol's development and operations.
As of May 2023, Curve Finance introduced its native stablecoin, crvUSD, on the Ethereum mainnet. This overcollateralized stablecoin operates using a mint-and-burn mechanism, similar to other decentralized stablecoins like MakerDAO's DAI. What sets crvUSD apart is its innovative lending-liquidating algorithm, LLAMA, which continuously rebalances collateral to prevent sudden liquidations during market downturns.
About Michael Egorov
Michael Egorov is a software developer and entrepreneur best known for founding Curve Finance, a decentralized exchange focused on stablecoins and launched in 2020. Before that, he was the CTO and co-founder of NuCypher, a data privacy layer using proxy re-encryption. His background includes work as a software engineer at several tech companies and as a physicist in academic institutions.
Egorov holds a Bachelor’s degree in Applied Mathematics and Physics from the Moscow Institute of Physics and Technology, where he graduated with honors. He later earned a Ph.D. in Physics from Swinburne University of Technology, specializing in quantum physics and Bose-Einstein condensates.
His interest in crypto began in 2013 while working as a postdoc. Recognizing the potential of stablecoins, he began building Curve while still at NuCypher. Initially working alone, Egorov focused on balancing decentralization, safety, and development speed, eventually establishing Curve as a leading DeFi platform built on Ethereum.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
In May 2025, Curve Finance's X account was compromised in a limited breach that did not affect user funds.
| Date | Event | Description |
|---|---|---|
| May 5th, 2025 12:40:00 PM MDT | Curve Finance Account Restored | Curve Finance posts to announce that they are back, a statement which co-founder Michael Egorov confirms by retweeting it. |
| May 5th, 2025 1:05:00 PM MDT | Michael Egorov Block Saviour | Michael Egorov requests for anyone who was blocked by CurveFinance while the hacker controlled it to come forward. Many users report being blocked, and some report being unfollowed as well. |
| May 6th, 2025 3:57:00 AM MDT | Curve Finance Shares Update | Curve Finance shares an update. that yesterday its official X (formerly Twitter) account was compromised, but access has since been fully restored. The breach was limited strictly to the X account—no other systems were affected, no security vulnerabilities were found, and no user funds were impacted. Fortunately, there were no reports of users falling for the phishing links posted by the attacker. Curve Finance remains fully operational and continues to investigate the incident, thanking the community for its swift support and vigilance. |
Technical Details
Attackers claimed an airdrop.
Total Amount Lost
No users were reported to have fallen for the phishing links posted during the hack.
No funds were lost.
Immediate Reactions
Curve Finance responded quickly and transparently to the May 2025 compromise of its official X account.
Ultimate Outcome
On May 5, 2025, Curve Finance successfully regained control of its compromised X (formerly Twitter) account, with co-founder Michael Egorov confirming the restoration by retweeting the announcement. Shortly after, Egorov asked users who had been blocked by the attacker to come forward, leading many to report being blocked or unfollowed during the breach. By May 6, Curve Finance released a formal update confirming that the breach was limited solely to their X account—no internal systems were affected, no user funds were lost, and there were no known victims of the phishing links posted by the hacker. The platform remains fully operational and is continuing to investigate the incident.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
While access has been restored and no damage to user funds or other systems occurred, the team is still working to determine how the breach happened to prevent future incidents. They’ve stated they will share further updates as needed, which may suggest the internal review is not yet complete.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Curve Finance website and Twitter account hacked (Accessed Jun 5, 2025)
- ↑ Curve Finance Archived Tweet - Web3IsGoingGreat (Accessed Jun 5, 2025)
- ↑ Curve Finance - "We are officially back. Special thanks to everyone who helped to return the account back so fast: @_SEAL_Org, @0xChar, @9gagceo, @pcaversaccio, @ChainPatrol, even @haydenzadams, and of course X support team" - Twitter/X (Accessed Jun 5, 2025)
- ↑ Michael Egorov - "Anyone who appears blocked by @CurveFinance while hacker controlled it - please tell!" - Twitter/X (Accessed Jun 5, 2025)
- ↑ Michael Egorov - "Now Curve X account is back for real" - Twitter/X (Accessed Jun 5, 2025)
- ↑ Michael Egorov - IQ.wiki (Accessed Jun 5, 2025)
- ↑ Decentralized finance (DeFi) protocol Curve Finance deployed its highly anticipated native stablecoin called crvUSD on the Ethereum mainnet Wednesday afternoon. - CoinDesk (Accessed Jun 5, 2025)
- ↑ Understanding Curve Finance: Earn, Trade, and Farm with DeFi - Return Finance Blog (Accessed Jun 5, 2025)
- ↑ What Is Curve Finance? - OSL Academy (Accessed Jun 5, 2025)
- ↑ How To Use Curve Finance: A Step By Step Guide - Coin98 (Accessed Jun 5, 2025)
- ↑ What Is Curve Finance in DeFi? - Binance Academy (Accessed Jun 5, 2025)
- ↑ Curve Finance - "Not really: unclear how account access could be taken. No sign of any client-side compromise" - Twitter/X (Accessed Jun 5, 2025)
- ↑ greedisgood - Interaction Claiming Not Hacked - Twitter/X (Accessed Jun 5, 2025)
- ↑ Curve Finance - "the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds were impacted, no victims of phishing links which the hacker posted. All Curve systems remain fully operational." - Twitter/X (Accessed Jun 5, 2025)