Last week, Curve Finance suffered a DNS hack and announced its front end had been compromised. Curve Finance is a stablecoin decentralized exchange (DEX) that runs on the Ethereum blockchain.
This attack targeted the front end of Curve. More specifically, hackers were able to hijack curve.fi’s DNS to redirect users to a copycat of the DEX that asked them to approve a malicious contract. Once the approval was granted, hackers were able to steal stablecoins held in users’ wallets.
This hack resulted in the loss of $570,000. Curve urged affected users to revoke their approval of the malicious contract (0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881).
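The check behind that advice, as an added example (not code from this article or from Curve): it builds the read-only query for a wallet's allowance to the malicious contract and the calldata that resets it to zero. It assumes the approval was a standard ERC-20 allowance; the token and owner addresses and the RPC response are constructed placeholders.

```python
MALICIOUS_SPENDER = "0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881"  # from the article
TOKEN = "0x" + "11" * 20   # constructed placeholder, not a real token contract
OWNER = "0x" + "22" * 20   # constructed placeholder for the user's wallet
ALLOWANCE_SELECTOR = "dd62ed3e"  # ERC-20 allowance(address,address)
APPROVE_SELECTOR = "095ea7b3"    # ERC-20 approve(address,uint256)


def abi_address(address: str) -> str:
    """Validate a 20-byte hex address and left-pad it to a 32-byte ABI word."""
    body = address.lower()
    body = body[2:] if body.startswith("0x") else body
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    return body.rjust(64, "0")


def allowance_query(token: str, owner: str, spender: str = MALICIOUS_SPENDER) -> dict:
    """JSON-RPC eth_call body asking `token` how much `spender` may move for `owner`."""
    abi_address(token)  # reject a malformed token address before building the call
    data = "0x" + ALLOWANCE_SELECTOR + abi_address(owner) + abi_address(spender)
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}


def decode_allowance(rpc_response: dict) -> int:
    """Decode the uint256 returned by allowance(); anything else is an error."""
    result = rpc_response.get("result", "")
    if not result.startswith("0x") or len(result) != 66:
        raise ValueError("eth_call did not return a single 32-byte word")
    return int(result, 16)


def needs_revoke(rpc_response: dict) -> bool:
    """Any non-zero allowance to the malicious contract is still spendable."""
    return decode_allowance(rpc_response) > 0


def revoke_calldata(spender: str = MALICIOUS_SPENDER) -> str:
    """Calldata for approve(spender, 0), sent by the owner to the token contract."""
    return "0x" + APPROVE_SELECTOR + abi_address(spender) + "0" * 64


if __name__ == "__main__":
    unlimited = {"jsonrpc": "2.0", "id": 1, "result": "0x" + "f" * 64}  # constructed
    print(allowance_query(TOKEN, OWNER))
    if needs_revoke(unlimited):
        print("revoke with:", revoke_calldata())
```

The query has to be repeated for each token the wallet holds, since an allowance is recorded per token contract.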
Curve hack funds sent to CEXs and Tornado Cash
The stolen funds went to the address 0x50f9202e0f1c1577822BD67193960B213CD2f331, which has been flagged accordingly in our software. The stolen funds amounted to around $570,000 at the time of the hack.
The hackers’ wallet received DAI and USDC stolen from Curve Finance users.
After swapping the tokens on the Uniswap DEX, the hackers sent back a total of 362 ETH and 16.881 USDC, which were then sent on to various platforms.
The majority of the ETH funds reached the Fixed Float centralized exchange. The exchange received 292 ETH from the hackers’ address, around 80% of the stolen funds. Out of the 292 ETH, the exchange announced freezing 112 ETH, or 30% of the stolen funds.
A smaller portion of the funds, 20.6 ETH or 6% of the total stolen funds, reached Binance.
Also, 27.7 ETH reached the newly sanctioned mixing service, Tornado Cash. Last week, OFAC designated the mixing service and placed several related addresses on its SDN sanction list. Part of the funds stolen from the Curve Finance hack reached one of these sanctioned addresses.
This hacking incident shows that criminals can use various ways to obfuscate the trail of their transactions for laundering purposes. In this specific case, hackers used CEXs, DEX swaps, and mixing services.
Therefore, companies must check that the crypto funds they process don’t carry potential laundering risks. Blockchain analytics tools help compliance teams reduce their exposure to high-risk blockchain activity and facilitate crypto compliance.
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped over 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customer onboarding, audit and law firms, and some LEAs.
The Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, Tron with TRC10 and TRC20 tokens, and BSC with BEP20 tokens. The software can de-anonymize blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and is fully customizable to fit all jurisdictions. In addition, 300+ risk-AML scenarios with a wide range of risk indicators are provided to its customers, so businesses under the scope of crypto regulation can report suspicious activity to authorities with enhanced due diligence.