Cross-chain exchange Fixed Float seizes 112 ETH ($200,000) stolen from Curve
- Fixed Float has frozen 112 ether tokens worth $200,000.
- The tokens were intercepted from an attacker who attempted to launder the funds on Fixed Float.
- The front-end of Curve was compromised yesterday with a Domain Name Service (DNS) spoof.
Cross-chain exchange Fixed Float has frozen 112 ether ($200,000) stolen in a front-end attack on the decentralized exchange Curve Finance.
Curve Finance’s front end was compromised on Tuesday through a Domain Name Service (DNS) attack. The attackers had redirected users asking them to approve a malicious contract.
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
The DNS attack resulted in a loss of stablecoins worth $612,000, which according to security firm CertiK were swapped to ether (ETH).
Transferring the swapped ETH to Fixed Float
After swapping the stablecoins to ether, the attackers then tried transferring the ETH tokens to the Fixed Float exchange where the funds were seized.
Fixed Float is a decentralized Lightning Network-based exchange that allows users to swap between ether and bitcoin and it is believed the attacker wanted to launder the ether for bitcoin.
After freezing the funds, Fixed Float commented on Twitter saying:
“Our security department has frozen part of the funds in the amount of 112 ETH.”
The Curve Finance hack was unique in that the attackers avoided funneling all the stolen funds through Tornado Cash, a popular mixer on Ethereum that hackers use to obfuscate transfers of stolen tokens. Only a small amount was sent to Tornado Cash.
In recent days, Tornado Cash has been in the limelight after it was sanctioned by the US treasury.
According to Ryan Wegner, a lead security engineer at Polygon, the attacker transferred 242 ETH to Fixed Float, about 26 ETH to Tornado Cash, and 23 ETH to SideShift, a none-KYC crypto exchange.