Binance Recovers Majority Funds Stolen in Curve Finance Hack
“The hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it,” CEO Changpeng Zhao said
Binance’s Changpeng Zhao
key takeaways
- Compared to protocol exploits, the losses suffered as a result of the DNS hijack are relatively small
- Both operational security and technical security of DeFi dapps is expected to improve
Binance managed to freeze or recover a majority of the funds that hackers stole from DeFi protocol Curve Finance this week, the exchange’s CEO Changpeng Zhao said on Friday.
Zhao said in a tweet that the exchange is working with law enforcement authorities to return funds to users. Curve retweeted Zhao’s post, an apparent confirmation of the development.
Curve — the fourth largest DeFi (decentralized finance) protocol with about $6 billion in total value locked (TVL) — was struck by a security incident on Aug. 9, leading it to warn users against using its website. About $570,000 worth of tokens were believed to be stolen in the hack.
Unlike protocol exploits, the culprits took advantage of shortcomings in the security of online service providers — in this case, Curve’s domain name system (DNS). A DNS maps readable website names to IP addresses.
Marcus Sotiriou, analyst at GlobalBlock, said the hackers modified the IP address translated by the DNS for the curve.fi website. They provided the IP address of their own server and created an identical web application, he said in a note, allowing them to create new smart contracts to steal money. Users were approving transactions that were actually stealing their funds.
In the past two years, such attacks have become prevalent in the crypto industry as thieves search for ways to part crypto users from their funds.
Last month, infrastructure provider Ankr was hit with a social engineering-instigated DNS attack.
“This is an example of how important it is for users within DeFi to be fully educated on the protocols they use,” Sotiriou said.
“People could have protected themselves if they checked all the smart contracts they interact with,” he said.
But this is beyond the technical know-how of a vast majority of DeFi users, according to Teddy Woodward, co-founder of Notional Finance.
“The average retail user is not going to review the smart contracts they interact with [but] I think it is reasonable for larger or more professional users like businesses and funds to make an effort there, and many do,” Woodward told Blockworks, adding that over time, the safety of DeFi protocols has been consistently trending upward.
Each exploit hardens dapps and makes them safer for the average user.
“I think about it like plane travel,” Woodward said. “That used to be extremely dangerous, now it’s safer than driving a car.”
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
- Empire: Start your morning with the top news and analysis to inform your day in crypto.
- Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
- 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
- Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
- The Drop: For crypto collectors and traders, covering apps, games, memes and more.
