BOOK NOW
Investors Choice

Bitcoin Halving Countdown:

Countdown Expired!

STAY UP TO DATE WITH WCT

Subscribe to our newsletter and don’t miss the latest news from the world of crypto and receive notifications about new WCTAcademy articles!

Over 200 DeFi Protocols Still ‘at Risk’ from Squarespace DNS Hijack

Illustration of a DNS hijack targeting DeFi protocols

The recent DNS hijacking attack on decentralized finance (DeFi) protocols has left hundreds of protocol front ends vulnerable. Blockaid, a blockchain security firm, has provided insights into the potential extent and nature of this breach.

Attack on DNS Records Hosted on Squarespace

The attackers targeted DNS records hosted on Squarespace, redirecting them to IP addresses associated with known malicious activities, according to Ido Ben-Natan, co-founder and CEO of Blockaid. The Ethereum-based DeFi protocol Compound and the multi-chain interoperability protocol Celer Network were impacted on Thursday. Their front ends redirected visitors to a page designed to drain funds from connected wallets.

Widespread Vulnerability Across DeFi Protocols

The full extent of the hijack is still unknown, but approximately 228 DeFi protocol front ends remain at risk, as per Ben-Natan’s statements. The attackers have been linked to the Inferno Drainer group, known for its shared onchain and offchain infrastructure, including wallet and smart contract addresses, as well as IP addresses and domains.

Inferno Drainer’s Malicious Operations

Inferno Drainer’s wallet kit is a tool used by cybercriminals to steal funds by prompting users to sign malicious transactions. Once the transaction is signed, the drainer kit swiftly transfers the funds from the victim’s wallet to the attacker’s address. This kit is often deployed through phishing websites or compromised domains.

Blockaid’s Efforts to Combat the Threat

Blockaid is actively tracking the addresses involved in these attacks and is working closely with the community to report compromised sites. By creating verified onchain records for domains, an additional layer of protection can be offered to browsers and other systems, helping to offset the risk of DNS attacks.

Enhancing Security Measures

Matthew Gould, founder of Web3 domain provider Unstoppable Domains, suggested that DNS records can be configured not to update unless a verified onchain signature is provided. To change DNS records for Web3 domains, users must provide a signature for verification before any updates can be made. Even though this doesn’t use an onchain mirror host, it still requires user identity verification for updates.

 

Gould proposed a new feature where DNS updates would need a signature from the user’s wallet, making it harder for hackers as they would need to hack both the registrar and the user separately.

Telegram
Twitter
LinkedIn
Facebook
Email

Featured News

Investors Choice

More News

Load More
Moby Media Logo

STAY UP TO DATE WITH MOBYMEDIA

copyright MobyMedia 2023

BOOK NOW