On the 10th, a DNS hijacking attack targeted Curve Finance, a decentralized stablecoin exchange mechanism, and more than $500,000 in funds were taken. The largest cryptocurrency exchange in the world, Binance, however, said today that it has frozen or recovered $450,000 in stolen Curve assets and is restoring the money to consumers. This was stated by Binance CEO Changpeng Zhao.
On the 10th, malicious individuals took control of Curve.fi, the website for the centralized stablecoin exchange protocol Curve Finance, and used it to redirect users to other fraudulent websites. Blockchain investigator ZachXBT on Twitter noted that the fraudulent contract sent the stolen money to an address where at least $570,000 had been taken.
Changpeng Zhao, CEO of Binance, revealed today that more than 83% of the stolen money had been found:
- Binance has frozen/recovered $450,000 of stolen Curve funds, accounting for more than 83% of funds stolen from hacking attacks, and we are working with law enforcement to return funds to users. Hackers keep sending funds to Binance in different ways, thinking we can’t catch it.
Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can't catch it. 😂#SAFU https://t.co/Ekea9moeAw
— CZ 🔶 Binance (@cz_binance) August 12, 2022
Hackers broke into Curve’s DNS domain name system, causing rogue transactions to be signed and the stolen assets to be routed to multiple cryptocurrency exchanges and mixers, according to experts at blockchain analysis company Elliptic. The monies were ultimately transported to Binance in an effort to hide the trace, where the Binance team found them.
According to earlier reports from the dynamic zone, Curve officially declared yesterday that all of its domain name servers had finished setting up their DNS records, making curve.fi safe to use. Curve also released a report on the hacking incident, suggesting that DNS cache poisoning rather than domain name server compromise was the root of the problem.
Recovery of a second instance of stolen money this week
In actuality, this is not the only instance this week of stolen money being found. Last week, a weakness led to an attack on the cross-chain bridge Nomad, costing 190 million US dollars. Then the representative declared a 10% white hat bonus. The hacker returned the money in order to avoid prosecution and earned a portion of the incentive. Nomad made the official announcement that $35.8 million had been paid on the eighth.