Binance Freezes $450K of Funds Stolen During Curve Front-End Exploit

  • Binance has frozen $450,000 of stolen funds from the Curve Finance front-end exploit.
  • FixedFloat had also frozen about $200,000 in funds.
  • The exploit was quickly patched by the team, limiting the damage.

There has been an update from the front-end hack incident of Curve Finance, with Binance seizing $450,000 of the stolen funds. That makes for nearly $650,000 of the funds frozen, as FixedFloat had also frozen 112 ETH shortly after the incident.

Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it. 😂#SAFU

Curve Finance was hacked a few days ago, with the attacker stealing what was reported as $570,000 at the time. The hacker had used a front-end exploit to steal the funds from the website. It was a compromise in the website’s name server that led to the exploit, and the team had asked users to revoke any approved contracts.

The Curve team was quick to resolve the exploit, fixing it within hours. An analysis of the incident showed that when a transaction was approved to spend an asset, it would drain the funds into a malicious, externally owned account (EOA).

Fortunately, the attack was quickly stymied by the team. This wasn’t the first scare this year in the Curve ecosystem, with Convex Finance patching a rug pull vulnerability that could have led to the loss of $15 billion.

There has been a continual stream of attacks in 2022, with well over a billion stolen. Projects are on high alert with respect to security. The need for audits and thorough smart contract development is higher than ever as the attacks pile up.

DeFi Market As Big a Target As Ever

The DeFi market continues to be a prime target for hackers, who find no shortage of vulnerabilities on various platforms. In 2022 so far, over $1 billion has been drained from space, according to a SlowMist report. The actual figure is likely to be much higher.

Tornado Cash, a mixing service, has become a popular tool for bad actors to siphon their money away. The tool obfuscates transaction data, making it nigh impossible to trace.

In any case, DeFi platforms will have to be careful as ever, as the attacks will not diminish in number. They will even have to look out for the likes of North Korea, as the associated Lazarus Group has conducted multiple attacks. It is believed to be behind the $100 million hack of the Horizon Bridge.

Source: Read Full Article