Binance CEO Says Exchange Recovered $450,000 From Curve Finance Attack CoinBlog

Following the recent Curve Finance attack, Binance CEO Changpeng Zhao announced that the exchange had recovered $450,000 from the hackers. Decentralized finance (defi) platform Curve saw around $570,000 siphoned from the app on August 9.

**Editor’s Note: The title of this article has been updated as it read $450 million when the editorial was published. The correct number of funds recovered by Binance was $450,000.

Binance boss says Exchange froze 83% of Curve Finance hack funds, domain provider says exploit was DNS cache poisoning

Four days ago, the crypto community was notified that the Curve Finance frontend was being exploited. Curve fixed the situation but $570,000 was removed from the defi protocol. The attackers, however, decided to send the funds to crypto exchanges. Binance CEO Changpeng Zhao (CZ) tweeted about the exploit the day it happened.

“Curve Finance had their DNS hacked in the last hour”, CZ wrote. “Hacker put a malicious contract on the homepage. When the victim approved the contract, it would empty the wallet. Damage is approximately $570,000 so far. We monitor. In addition to Binance monitoring the situation, the Fixedfloat exchange managed to freeze some funds.

“Our security service has frozen part of the funds amounting to 112 [ether]. In order for our security department to fix what happened as soon as possible, please email us,” Fixedfloat wrote the day of the hack. Then three days after the hack, on August 12, CZ explained at 1:07 a.m. (EST) that Binance had recovered around 83% of the funds.

“Binance froze/recovered $450,000 of stolen funds from Curve, accounting for over 83% of the hack”, CZ tweeted Friday. “We work with [law enforcement] to return funds to users. The hacker kept sending the funds to Binance in different ways, thinking we can’t catch him,” CZ added.

Curve Finance retweeted CZ’s statement and noted earlier today that the team had a brief report from the domain provider [] and said, “In short: DNS cache poisoning, not nameserver compromise,” Curve Finance Explain while sharing the report. “No one on the web is 100% immune to these attacks. What happened STRONGLY suggests starting to switch to ENS instead of DNS.

The report from domain provider confirms Curve’s claims. “It appears that a customer’s domain was targeted,” the disclosure report from details. “Our external provider’s hosted DNS infrastructure has apparently been compromised and the DNS records for this domain have been changed to point to a cloned web server. Further investigation with the external provider indicates that it was DNS cache poisoning rather than a compromised nameserver.

Keywords in this story

$450,000, $570,000, Binance, Binance CEO, Changpeng Zhao, Curve, Curve fi frontend,, CZ, DeFi, Defi exploit, DNS Cache poisoning, ETH, Ethereum, Ethereum (ETH), Fixedfloat, Funds , Hack, Hacker Funds,, USDC, USDC Funds

What do you think about Binance recovering $450,000 from the Curve Finance hack? Let us know what you think about this topic in the comments section below.

Jamie Redman

Jamie Redman is the News Manager at News and a fintech reporter living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He is passionate about Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written over 5,700 articles for News about disruptive protocols emerging today.

Image credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. This is not a direct offer or the solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button