Protocol-impersonator domain registered (typosquat)

crvUSD (Curve Stablecoin)'s assessment for RD-F-161 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Protocol-impersonator domain registered (typosquat) within last 90 days. Applicable: Curve Finance is a top DeFi brand — major typosquat target. Curve Finance has a documented repeated history of DNS compromise (2022 curve.fi DNS attack, $570K losses; May 2025 curve.fi DNS hijack at registrar level). Protocol migrated to curve.finance in May 2025; curve.fi is now deprecated. The existence of a deprecated high-recognition domain (curve.fi) creates a natural typosquatting surface for multiple attack vectors (curve-finance.io, curvefi.com, etc.). Specific new typosquat registrations within 90 days of assessment (i.e., post-Feb 14, 2026) not confirmed via OSINT (WHOIS lookup not possible via WebFetch). Yellow: elevated structural risk given repeated attack history on this brand; specific 90-day new registration not confirmable without WHOIS/DomainTools feed.

Sources #

URL
Curve Domain Incident May 2025Curve Domain Incident: May 2025 DNS hijack; curve.fi deprecated; migration to curve.finance — elevated typosquat surface from dual-domain postureretrieved 2026-05-16
URL
Decrypt Curve 2022 DNS attackDecrypt 2022: curve.fi DNS hijack — first domain compromise instance; $570K lossesretrieved 2026-05-16

Methodology #

Determine whether a typosquat of the official protocol domain has been registered in the last 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol crvusd factor RD-F-161 score yellow collected_at 2026-05-16 19:09:40