Following the recent Curve Finance attack, Binance CEO Changpeng Zhao announced that the exchange had recovered $450 million from hackers. The decentralized finance (defi) platform Curve saw roughly $570 million siphoned from the application on August 9.
Binance Boss Says Exchange Freezes 83% Of Curve Finance Hacked Funds, Domain Provider Says Exploit Was DNS Cash Poisoning
Four days ago, the crypto community was made aware that the Curve Finance front end had been exploited. Curve corrected the situation but $570 million was removed from the DeFi protocol. However, the attackers decided to send the funds to crypto exchanges. Binance CEO Changpeng Zhao (CZ) tweeted about the exploit that day.
“Curve Finance had their DNS hijacked in the past hour,” CZ wrote. “Hacker put a malicious contract on the home page. When the victim approved the contract, it would drain the wallet. Damage is around $570K so far. We are monitoring.” In addition to Binance monitoring the situation, the exchange Fixedfloat managed to freeze some funds.
“Our security department has frozen part of the money in the amount of 112” [ether], For our security department to be able to resolve what happened as quickly as possible, please email us at “fixedfloat” wrote Hack day. Then three days after the hack, on August 12th, CZ explained at 1:07 a.m. (EST) that Binance had recovered about 83% of the funds.
“Binance froze/recovered $450K of the Curve stolen funds, representing 83%+ of the hack,” CZ tweeted on Friday. “We are working with [law enforcement] to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it,” CZ added.
Curve Finance retweeted CZ’s statement and noted earlier in the day that the team has a brief report from the domain provider [iwantmyname.com] And added: “In short: DNS cache poisoning, no nameserver compromise,” Curve Finance Explained Sharing the report. “No one on the web is 100% safe from these attacks. What has happened strongly suggests to start moving to ENS instead of DNS.”
The domain provider iwantmyname.com’s report confirms Curve’s statements. “It appears that one customer’s domain was targeted,” iwantmyname.com’s disclosure report details. “Our external provider’s hosted DNS infrastructure was apparently compromised and the DNS records for this domain were changed to point to a cloned web server. Further investigation together with the external provider indicates that it was DNS Cache poisoning rather than any nameservers compromised.”
