Social-media impersonation scam spike

Curve Finance's assessment for RD-F-109 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Social media impersonation signal. P2 taxonomy priority but structurally elevated for Curve based on confirmed events. (1) May 5, 2025: official Curve Finance X account compromised; attacker posted fake CRV airdrop with phishing link to a fake interface. (2) May 12, 2025: DNS hijack created a full replica frontend mimicking curve.fi interface to drain user wallets. Curve is a high-brand-recognition target ($1.72B TVL, 6+ year history, global DeFi name). Brand impersonation risk is persistently elevated given documented repeat attack pattern on the same registrar (iwantmyname compromised twice). Signal is not grade-eligible per T-09 tier framework (advisory observation only). Score yellow to document confirmed and ongoing impersonation history.

Sources #

URL
Curve Finance warns users after website and X account hacksCurve Finance dual security breach — X account compromised May 5 + DNS hijack May 12, 2025retrieved 2026-04-28
URL
Curve Finance Hack: Urgent Warning Issued Over X Account CompromiseCurve Finance X account hack urgent warning (May 2025)retrieved 2026-04-28

Methodology #

Detect a sharp uptick in Discord/Telegram/X accounts impersonating the protocol team or announcing fake airdrops.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-109 score yellow collected_at 2026-04-28 19:48:40