Major crypto exchange Binance said it has frozen or recovered more than 83% of the Curve Finance (CRV) stolen funds.
According to the exchange’s CEO, Changpeng ‘CZ’ Zhao,
“Binance froze/recovered [USD] 450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users.”
The CEO added that “the hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it,” concluding the post with a laughing emoji.
On August 9, CZ wrote that Curve had their DNS hijacked.
DNS, or the Domain Name System, turns human-readable domain names into machine-readable IP addresses, which browsers use to load internet pages.
Per the CEO, the hacker(s) put a malicious contract on the home page, so when the victim approved the contract, it would drain their wallet. “Damage is around [USD] 570k so far. We are monitoring,” said CZ.
Further commenting on the Curve hack, he also added that,
“They use GoDaddy [an Internet domain registrar and web hosting company] for DNS, which is insecure. No web3 projects should use that. Very susceptible to social engineering.”
On their part, on Thursday, Curve shared “a brief report” on what had occurred, stating that, in brief: “DNS cache poisoning, not nameserver compromise,” adding:
“No one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS.”
The Ethereum Name Service (ENS) is an open and extensible naming system based on the Ethereum (ETH) blockchain, which maps human-readable names to machine-readable identifiers such as crypto addresses, content hashes, and metadata.
The report by domain registrar company iwantmyname stated that the company is investigating this DNS issue that on August 9 “led to the apparent compromise of one of our customer’s websites and a downtime for some customers that use our DNS services.”
Per the report,
“Our external provider’s hosted DNS infrastructure was apparently compromised and the DNS records for this domain were changed to point to a cloned web server.”
The analysis done up to that point indicated that the compromise didn’t occur on the iwantmyname infrastructure or that of their service provider, and the team said that they are “still looking into the root cause and the full timeline.”
Meanwhile, users are warning about Curve Finance impersonators attempting to trick investors:
At 10:54 UTC, CRV was trading at USD 1.37, down 2% in a day and up 2.5% in a week. Overall, the coin is up 55% in a month, down 33% in a year, and down 91% since its all-time high recorded in August 2020.