Through different exchanges, wallets and mixers, hackers are looking for a way to disperse the money that has just been appropriated from Curve Finance.
On the morning of September 8, Curve Finance, the leading decentralized finance application, warned users about a vulnerability on the project’s curve.fi website. This is believed to be an attack by a malicious actor that affected the nameserver and the frontend interface of the application.
As soon as the incident was discovered, Curve Finance sought to remedy the situation. However, the attackers made off with an initially estimated 537,000 USDC.
The attacker is said to have spoofed the domain's DNS and cloned the Curve Finance website. The domain name was then pointed to the IP address of the fake website, tricking users into approving malicious smart contracts.
By the afternoon of August 10, the research team of blockchain analytics firm Elliptic confirmed that hackers had breached Curve’s DNS, leading to users authorizing malicious transactions.
Elliptic estimates that 605,000 USDC and 6,500 Dai were stolen before Curve found and “patched” the vulnerability. Using blockchain analysis tools, Elliptic traced the stolen funds, which the hacker moved to a number of different exchanges, wallets, and mixers.
After the theft, the hacker immediately converted the USDC and DAI to Ethereum to prevent the USDC from being frozen. The total amount taken from the platform is 363 ETH, worth nearly 670,000 USD.
Notably, the hacker sent 27.7 ETH into the Tornado Cash “mixer” (currently listed by the US Treasury Department), and 292 ETH was sent through various wallet addresses to FixedFloat, an automated crypto exchange on Bitcoin Lightning Network. However, FixedFloat froze one of the hacker’s wallets containing more than 112 ETH.
“We contacted FixedFloat, they confirmed 3 more wallet addresses where the hacker withdrew funds from the exchange. These include 1 BTC wallet, 1 BSC wallet and 1 LTC wallet,” the Elliptic analysis team said.
Elliptic is still monitoring the hacker’s wallet addresses. Another 20 ETH was sent to the hot wallet of Binance and another 23 ETH to the hot wallet of an exchange that has not been identified.
Curve Finance is one of the largest decentralized exchanges by total value locked (TVL), currently holding over 6 billion USD.