The Curve Finance DeFi exchange recently suffered a hack in which the attackers made off with over $570,000 in Ethereum equivalent. Nevertheless, some of those funds were frozen before the company announced that it had fixed the breach.
The AMLBot team decided to conduct an independent investigation into this incident.
“As you know, decentralized trading platform Curve Finance confirmed reports that its website was attacked by an external threat on Tuesday. The hackers appear to have compromised the Curve platform’s website or domain name in order to redirect users or their transactions to another location. The hackers managed to get away with $570,000 in ETH equivalent.”
We analyzed the address 0x50f9202e0f1c1577822BD67193960B213CD2f331, which the company indicated as the destination address the funds were withdrawn to.
Interestingly, in addition to the stolen funds, the address the criminals used also received funds from the Tornado Cash mixer. It is noteworthy that the Tornado Cash mixer was recently declared illegal and accused of facilitating money laundering. This indicates that the criminals wanted to mix the stolen money with funds that had passed through the mixer. Most likely, these funds were also procured illegally; they may have been stolen earlier.
Most of the money was transferred to the Fixed Float exchange. We discovered that 7 transfers were made from wallet address 0x50f9202e0f1c1577822BD67193960B213CD2f331 within one day, each for the same amount of 45 ETH. Relying on open-source information, we discovered that the Fixed Float exchange blocked the funds that had been transferred to the given wallet address. Another exchange, Sideshift, was also involved in the transfers and received a small amount of funds, namely 22.999450054 ETH.
At the time of writing, the scammers’ wallet balance is 0.000045203 ETH. The Fixed Float exchange received a total of 315 ETH.
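The outflow pattern described above (repeated equal-value transfers to one counterparty within a day) can be flagged mechanically. The following is an added example, not AMLBot's tooling: the amounts and counts follow the article, while the timestamps, destination labels, and the `min_count` threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample. Amounts and counts follow the article; the timestamps
# and destination labels are placeholders, not real on-chain data.
FIXEDFLOAT = "FIXEDFLOAT_DEPOSIT_PLACEHOLDER"
SIDESHIFT = "SIDESHIFT_DEPOSIT_PLACEHOLDER"
TRANSFERS = [(datetime(2000, 1, 1, 10 + i), FIXEDFLOAT, Decimal("45")) for i in range(7)]
TRANSFERS.append((datetime(2000, 1, 1, 18), SIDESHIFT, Decimal("22.999450054")))


def summarize_outflows(transfers):
    """Return total outgoing ETH per destination."""
    totals = defaultdict(Decimal)
    for _, dest, amount in transfers:
        totals[dest] += amount
    return dict(totals)


def find_equal_amount_bursts(transfers, min_count=3, window=timedelta(days=1)):
    """Flag (destination, amount) pairs repeated at least min_count times
    inside any sliding window of the given length.
    min_count=3 is an arbitrary threshold chosen for this example."""
    groups = defaultdict(list)
    for ts, dest, amount in transfers:
        groups[(dest, amount)].append(ts)
    flagged = []
    for (dest, amount), stamps in groups.items():
        stamps.sort()
        start = best = 0
        for end in range(len(stamps)):
            # Advance the left edge until the span fits inside `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_count:
            flagged.append({"destination": dest, "amount": amount,
                            "count": best, "total": amount * best})
    return flagged


if __name__ == "__main__":
    for dest, total in summarize_outflows(TRANSFERS).items():
        print(f"{dest}: {total} ETH")
    for hit in find_equal_amount_bursts(TRANSFERS):
        print("equal-amount burst:", hit)
```

On the constructed sample, only the seven 45 ETH transfers are flagged; the single Sideshift transfer appears in the per-destination totals but not as a burst.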
The investigation into the Curve Finance breach confirms that compliance with and integration of proper AML procedures is vital for platform integrity and security.
The AMLBot is the go-to service in case of security breaches, which will allow any platform to identify weak points in security layers and help trace lost funds to target addresses.