SNEAK PEEK
- Binance has managed to successfully recover $450k worth of the Curve stolen funds, equivalent to 83% of the hack.
- Changpeng Zhao revealed that they are working with LE in order to facilitate the return of funds to the users.
- He mocked that the hacker kept sending the funds to Binance in various ways, thinking he won’t get caught.
On August 10, it came to light that Curve. Finance had their DNS hijacked following the hacker putting a malicious contract on the home page. The news came from Changpeng Zhao, the CEO of Binance, who clarified today that $450k worth of the Curve stolen funds had been recovered.
Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can't catch it. 😂#SAFU https://t.co/Ekea9moeAw
— CZ 🔶 Binance (@cz_binance) August 12, 2022
The funds recovered account for 83% of the total amount in the funds compromised in the hack. He revealed that Binance is working with LE to return the funds to the users. The details about the hack revealed that when the victim approved the contract on the home page, it would drain the wallet.
As per the revelations, the total damage caused due to the drainage of wallets accounted for $570k so far. Moreover, it was revealed that Curve. Finance uses GoDaddy for DNS, which is suspected to be the prime reason for the breach as it is insecure.
Curve. finance had their DNS hijacked in the past hour. Hacker put a malicious contract on the home page. When the victim approved the contract, it would drain the wallet. Damage is around $570k so far. We are monitoring.
— CZ 🔶 Binance (@cz_binance) August 9, 2022
CZ marked the fact that no Web3 projects should be using GoDaddy for DNS as it is susceptible to social engineering.
In addition, Zhao mocked the hacker and addressed that the hacker was thinking he would keep sending the funds to Binance in different ways and the platform won’t be able to catch it.
The users’ comments on the news and thoughts show that Changpeng Zhao is now aware of who the hacker was. However, he won’t be publicly revealing the name for the sake of AML, and it will be confidential news.