Major crypto exchange Binance said it has frozen or recovered more than 83% of the Curve Finance (CRV) stolen funds.
According to the exchange’s CEO, Changpeng ‘CZ’ Zhao,
“Binance froze/recovered [USD] 450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users.”
The CEO added that “the hacker kept on sending the funds to Binance in different ways, thinking we can't catch it,” concluding the post with a laughing emoji.
On August 9, CZ wrote that Curve had their DNS hijacked.
DNS, or the Domain Name System, turns human-readable domain names into machine-readable IP addresses, which browsers use to load internet pages.
Per the CEO, the hacker(s) put a malicious contract on the home page, so when the victim approved the contract, it would drain their wallet. “Damage is around [USD] 570k so far. We are monitoring,” said CZ.
Further commenting on the Curve hack, he also added that,
“They use GoDaddy [an Internet domain registrar and web hosting company] for DNS, which is insecure. No web3 projects should use that. Very susceptible to social engineering.”
On their part, on Thursday, Curve shared “a brief report” on what had occurred, stating that, in brief: “DNS cache poisoning, not nameserver compromise,” adding:
“No one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS.”
The Ethereum Name Service (ENS) is an open and extensible naming system based on the Ethereum (ETH) blockchain, which maps human-readable names to machine-readable identifiers such as crypto addresses, content hashes, and metadata.
The report by domain registrar company iwantmyname stated that the company is investigating this DNS issue that
Read more on cryptonews.com