Cross-chain exchange Fixed Float said it froze 112 ether ($200,000) that was stolen in a front-end exploit on the decentralized exchange Curve.
On Tuesday, Curve Finance had its front end compromised with a Domain Name Service (DNS) spoof. The perpetrator redirected users, asking them to approve a malicious contract. This attack stole more than $612,000 in stablecoins and swapped them to ether (ETH), per security firm CertiK.
Following the theft, the attacker attempted to launder the stolen funds by transferring it to Fixed Float. This is a (mostly) decentralized exchange based on the Lightning Network, which offers swaps between ether and bitcoin.
The attacker likely hoped to obfuscate their on-chain traceability by leveraging an atomic swap from Ethereum to the Lightning channel-based exchange. However, Fixed Float is not fully decentralized as the hackers may have hoped. The DEX acted quickly and was able to seize a portion of the assets.
“Our security department has frozen part of the funds in the amount of 112 ETH,” Fixed Float said on Twitter.
Usually hackers funnel all of the stolen assets through Tornado Cash, a popular mixer on Ethereum which allows them to obfuscate their transfers. In this Curve exploit, though, hackers tried to limit the use of Tornado Cash and only a small amount of stolen ETH was sent there.
According to Ryan Wegner, lead security engineer at Polygon, the hacker transferred 242 ETH to Fixed Float. The hacker sent only a small amount to Tornado Cash, roughly 26 ETH. A further 23 ETH were transferred to Sideshift, a non-KYC crypto exchange.
Fixed Float did not immediately respond to The Block's request for comment.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.