Changpeng Zhao, Binance CEO, claimed that his team had recovered a significant amount of the money taken by Curve’s front-end exploit on Tuesday. Zhao provided a status report on Twitter that the centralized exchange has frozen $450,000 in stolen assets that the Curve hacker had transferred into the exchange. Zhao said that to help return them, the team is collaborating with law officials. Curve Finance has not yet made any comments regarding the recovery of the funds.
This was the second time money connected to the Curve exploit was seized. It was previously revealed that Fixed Float, a Lightning Network-based exchange, has also frozen 112 ETH (200,000), which the Curve exploiter had deposited in what was probably an attempt to launder the assets. As a result, the recovered amount has increased to almost $650,000.
On Tuesday, a Domain Name Service (DNS) spoof hacked the front end of Curve Finance. The attacker changed Curve’s DNS throughout the attack to route customers to another website that contained a malicious contract. The hacker had the potential to steal money from the unaware users when they interacted with the contract. The majority of the assets that were stolen after the exploit was transferred by the hacker to Fixed Float and Binance, where they remained frozen.
Usually, hackers use Tornado Cash, a well-liked Ethereum mixer, to conceal all of the transactions of the stolen assets. However, in this Curve vulnerability, hackers attempted to restrict the use of Tornado Cash by sending only a limited amount of the stolen ETH there. Tornado Cash has recently been in the public eye after the protocol, and its related Ethereum addresses were sanctioned by the US Treasury..
By Industry Standard January 31, 2020
By Agatha Android
January 16, 2020