Binance Chief Says Exchange ‘Froze/Recovered 83%+ of Curve Stolen Funds’
Major crypto exchange Binance said it has frozen or recovered more than 83% of the Curve Finance (CRV) stolen funds.
According to the exchange’s CEO, Changpeng ‘CZ’ Zhao,
“Binance froze/recovered [USD] 450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users.”
The CEO added that “the hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it,” concluding the post with a laughing emoji.
On August 9, CZ wrote that Curve had their DNS hijacked.
DNS, or the Domain Name System, turns human-readable domain names into machine-readable IP addresses, which browsers use to load internet pages.
Per the CEO, the hacker(s) put a malicious contract on the home page, so when the victim approved the contract, it would drain their wallet. “Damage is around [USD] 570k so far. We are monitoring,” said CZ.
Further commenting on the Curve hack, he also added that,
“They use GoDaddy [an Internet domain registrar and web hosting company] for DNS, which is insecure. No web3 projects should use that. Very susceptible to social engineering.”
For its part, Curve shared “a brief report” on Thursday on what had occurred, summarizing it as “DNS cache poisoning, not nameserver compromise,” and adding:
“No one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS.”
“Well, at least it has an unspoofable record. ENS gateways could be the weak point though” — Curve Finance (@CurveFinance) August 10, 2022
The Ethereum Name Service (ENS) is an open and extensible naming system based on the Ethereum (ETH) blockchain, which maps human-readable names to machine-readable identifiers such as crypto addresses, content hashes, and metadata.
A report by the domain registrar iwantmyname stated that the company is investigating a DNS issue that on August 9 “led to the apparent compromise of one of our customer’s websites and a downtime for some customers that use our DNS services.”
Per the report,
“Our external provider’s hosted DNS infrastructure was apparently compromised and the DNS records for this domain were changed to point to a cloned web server.”
The analysis done up to that point indicated that the compromise didn’t occur on the iwantmyname infrastructure or that of their service provider, and the team said that they are “still looking into the root cause and the full timeline.”
Meanwhile, users are warning about Curve Finance impersonators attempting to trick investors:
“Just got tagged by an account impersonating @CurveFinance with 51k followers urging all investors to “revoke contracts” using their link. Please don’t fall for this!” — The Defi Bum (@The_Defi_Bum) August 11, 2022
At 10:54 UTC, CRV was trading at USD 1.37, down 2% in a day and up 2.5% in a week. Overall, the coin is up 55% in a month, down 33% in a year, and down 91% since its all-time high recorded in August 2020.