After the recent attack on the DeFi protocol Curve Finance, the CEO of Binance announced that the exchange had managed to recover funds of about $450 million.
The hackers had stolen approximately $570 million from the decentralized finance (DeFi) platform on August 9th.
The crypto community learnt a few days ago that Curve Finance’s frontend had been exploited, and even though the protocol fixed the loophole, $570 million had already been siphoned off.
However, the attackers had decided to send the stolen funds to crypto exchanges, and this is where Binance stepped in. Changpeng Zhao, the CEO of the crypto exchange, tweeted about the attack.
CZ said that the DNS of the DeFi protocol had been hijacked. He said that a malicious contract had been put on the home page and that, once a user approved it, it drained their wallet immediately.
He said that they were monitoring the situation, and Fixedfloat also succeeded in freezing some of the funds.
On the day of the attack, Fixedfloat disclosed that about 112 ether had been frozen by the security department.
Recovery of Funds
Three days after the attack, the chief executive of Binance explained that almost 83% of the stolen funds had been recovered by Binance.
On Friday, CZ said that they had successfully recovered $450 million and were working with law enforcement to return them to the users.
He disclosed that the hacker had kept on sending the funds to Binance in different ways, believing that they would not be able to identify them.
Curve Finance also retweeted the CEO’s statement. It had also been said earlier in the day that instead of DNS, it was better to switch to ENS because no one could be 100% safe from these attacks.
Domain provider’s report
The decentralized finance (DeFi) protocol said that the domain provider had also given a brief report. According to Curve Finance, it had not been a nameserver compromise but DNS poisoning.
The report from iwantmyname.com, the domain provider, confirmed the statement put forth by the Curve Finance protocol.
The disclosure report from the provider said that the domain of one customer had been targeted by the hackers.
It said that the hosted DNS infrastructure of their external provider had been compromised and the domain’s DNS records had been changed.
As a result, the records pointed to a cloned web server instead. The report also said that they had conducted further investigation into the matter with the external provider.
This revealed that the DNS cache had been poisoned and no nameservers had been compromised in the attack.
This is certainly not the first attack that has been carried out this year on decentralized finance (DeFi) protocols.
Several of them have happened in 2022 alone, and they appear to be getting worse with each passing day. It shows that protocols will have to take steps to enhance their security.
Otherwise, hackers will continue to exploit protocols and siphon off funds.