220 DeFi protocols at risk from Squarespace DNS hijack
Following the recent DNS hijacking incident that targeted DeFi (Decentralized Finance) platforms, new assessments of the attack's scope and nature have emerged.
Several reports, including one from the cyber security firm Blockaid, describe how the attackers manipulated DNS registrations maintained at Squarespace.
According to Ido Ben-Natan, Blockaid's co-founder and CEO, the altered records redirected visitors to IP addresses already known for malicious activity.
On Thursday, the websites of the DeFi application Compound and the interoperability protocol Celer Network were rerouted to a fraudulent page designed to drain users' wallets as soon as they connected.
The full impact of the intrusion remains unclear, but Ben-Natan notes that approximately 228 DeFi application front ends may still be at risk.
Ben-Natan pointed out that the links to Inferno Drainer are evident in the infrastructure it shares both on-chain and off-chain: smart contract and wallet addresses on the blockchain, together with the IP addresses and domain names associated with Inferno off-chain.
Inferno Drainer is a toolkit for cryptocurrency theft that tricks users into signing transactions which, without their realizing it, hand control of their assets to the attackers.
Once the deceptive transaction is approved, the toolkit quickly moves the funds from the victim's wallet to the attacker's account. Such kits are typically deployed through phishing sites or hijacked domains.
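One common form that such an "authorization" takes is a token approval that grants a spender address control over the victim's tokens. The following wallet-side screen is an added illustration of how a client can flag that pattern before the user signs; it is not code from the article, Blockaid or Inferno Drainer. The function selectors are the standard ERC-20 `approve` and ERC-721/ERC-1155 `setApprovalForAll` ones; the spender address, calldata and trusted-spender list are constructed sample values.

```python
# Constructed example: screen pending transaction calldata for the approval
# calls a drainer page typically asks a victim to sign. Selectors are the
# standard ones (first 4 bytes of keccak256 of the function signature).
APPROVE_SELECTOR = "095ea7b3"        # approve(address,uint256)         ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"    # setApprovalForAll(address,bool)  ERC-721/1155
UINT256_MAX = 2**256 - 1             # the "unlimited allowance" value


def _word(data: str, i: int) -> str:
    """Return the i-th 32-byte ABI argument word (64 hex chars) after the selector."""
    start = 8 + 64 * i
    return data[start:start + 64]


def decode_approval(calldata: str):
    """Decode approve/setApprovalForAll calldata into (kind, spender, value), else None."""
    data = calldata.lower().removeprefix("0x")
    selector = data[:8]
    if len(data) < 8 + 128:          # selector plus two 32-byte arguments
        return None
    if selector == APPROVE_SELECTOR:
        spender = "0x" + _word(data, 0)[24:]   # address is right-aligned in the word
        amount = int(_word(data, 1), 16)
        return ("approve", spender, amount)
    if selector == SET_APPROVAL_FOR_ALL:
        operator = "0x" + _word(data, 0)[24:]
        enabled = int(_word(data, 1), 16) != 0
        return ("setApprovalForAll", operator, enabled)
    return None


def assess(calldata: str, trusted_spenders: set[str]) -> str:
    """Return 'block', 'warn', 'ok' or 'unscreened' for a pending transaction."""
    decoded = decode_approval(calldata)
    if decoded is None:
        return "unscreened"          # not an approval; other checks would apply
    kind, spender, value = decoded
    if spender.lower() in trusted_spenders:
        return "ok"
    if kind == "approve" and value == UINT256_MAX:
        return "block"               # unlimited allowance to an unknown address
    if kind == "setApprovalForAll" and value is True:
        return "block"               # hands over every token in the collection
    return "warn"                    # limited approval to an unknown spender


# Constructed sample: unlimited approve() to a made-up spender address.
SAMPLE_SPENDER = "0x" + "dead" * 10
SAMPLE_UNLIMITED_APPROVE = "0x" + APPROVE_SELECTOR + "0" * 24 + "dead" * 10 + "f" * 64
```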
The Inferno Drainer group has been tracked for some time, having targeted many DeFi platforms by exploiting a range of security weaknesses. Its repeated reuse of shared infrastructure helps security firms detect and correlate attacks, a fact Ben-Natan was quick to recognize.
Matthew Gould, founder of the Web3 domain service Unstoppable Domains, suggests that verified blockchain records for domains could add a layer of protection, allowing browsers and other platforms to check them and so reduce the risk of DNS attacks.
As Gould wrote in a recent post on X, requiring a validated blockchain signature before a DNS entry can be modified could improve security.
Currently, changes to Web3 domains require an authenticating signature from the user before they take effect.
Although this mechanism does not use blockchain-based verification, it still requires the user's identity to be verified before modifications are made, Gould said.
A further upgrade could require a user's wallet signature for DNS changes, which would significantly complicate attackers' efforts, since they would have to compromise both the registry service and the user's own security measures, Gould suggested.