Binance freezes $450 000 stolen from Curve protocol

What’s new? The head of cryptocurrency exchange Binance Changpeng Zhao said on his Twitter account that the company managed to block $450 000 that was stolen from the Curve.Finance DeFi protocol during the August 9 hack. According to Zhao’s statement, the exchange is now working with law enforcement to return the frozen funds to the owner.

Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can't catch it. 😂#SAFU https://t.co/Ekea9moeAw— CZ 🔶 Binance (@cz_binance) August 12, 2022

What else did Zhao say? The head of Binance noted that the amount frozen by the platform is 83% of the funds stolen in the hack. He added:

“The hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it.”

Earlier, representatives of the FixedFloat exchange managed to block another 112 ETH (~$191 000) that Curve hackers sent to their platform. In total, hackers withdrew 327 ETH (~$570 000 at the time of the hack) from Curve. According to Zhao, they changed the domain name system (DNS) record for the protocol to redirect users to a fake site that was creating a smart contract and that was withdrawing all customer funds.

Curve developers assured that the vulnerability was discovered and fixed. Citing investigative report results by analysts at the iwantmyname platform, they noted that the hack was due to DNS cache “poisoning” rather than compromise. The protocol’s team added that no one can completely safeguard themselves from this type of attack, and what happened prompted them to think about switching from DNS to ENS (Ethereum Name Service).

We have a brief report from @iwantmyname about what has happened. In brief: DNS cache poisoning, not nameserver compromise.https://t.co/PI1zR96M1ZNo one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS— Curve Finance (@CurveFinance) August 10, 2022

Additionally, Twitter users found a fake Curve account with more than 50 000 followers, whose owners are encouraging customers of the protocol to “revoke contracts” using their phishing link. Scammers can probably distribute fake links via Telegram as well.

Just got tagged by an account impersonating @CurveFinance with 51k followers urging all investors to “revoke contracts” using their linkPlease don’t fall for this!— The Defi Bum (@The_Defi_Bum) August 11, 2022

Curve.Finance is a decentralized exchange (DEX) and automated market maker (AMM) for trading stablecoins and wrapped digital assets such as wBTC and tBTC. The total value locked (TVL) in the protocol as of August 12, 11:30 UTC is $6,28 billion, according to DefiLlama. The platform has the native token CRV with a market capitalization of $530,93 million. The asset is trading at $1,35, down by 3,21%per day, according to Binance.