Over 120 DeFi Frontends Could Be Vulnerable to DNS Attacks
Google’s domain registrar migration to Squarespace left over 120 DeFi domains vulnerable to DNS attacks.
The Web2 infrastructure that underpins Web3 front-ends continues to pose risks to users.
Experts are urging Web3 users to avoid interacting with DeFi protocols’ front-ends after domain migrations associated with Squarespace’s acquisition of Google’s domain business left many websites vulnerable to Domain Name System (DNS) attacks.
On July 11, front-end domains for Compound Finance, Pendle Finance and Celer Network were targeted after the migration disabled the two-factor authentication (2FA) that had secured domains previously managed through Google. Compound, Pendle and Celer each tweeted that their domains have since been secured.
“A DNS attack is underway and currently affecting Squarespace domain registrar,” tweeted Bobby Ong, Co-Founder of CoinGecko. “The best thing to do is not interact with crypto and rest for the next two days until everything is resolved.”
0xngmi from DeFi Llama shared a list of over 120 DeFi domains that could be vulnerable to the attack. “This is a list of all domains that share this registrar, so they could be at risk of being hacked,” they said.
Front-end user interfaces (UIs) let users interact with DeFi protocols through a typical graphical interface hosted on a web domain. While DeFi projects’ front-ends may be vulnerable, the incident did not affect the underlying Web3 back-end protocols, which handle server-side operations, databases and application logic.
Domain Migration
In June 2023, Google sold its domain registration business to Squarespace. However, the domains were not migrated from Google to Squarespace until July 10.
It appears that domain owners were unaware that their 2FA would be disabled as part of the transition, exposing many domains to potential DNS attacks. Attackers were able to redirect the DNS records of popular DeFi front-end websites to malicious addresses hosting wallet drainers and phishing pages.
“Based on initial assessment, it appears that the attackers are operating by hijacking DNS records of projects hosted on SquareSpace,” tweeted Blockaid, a web3 security company. “The attackers are using a drain kit associated with the latest iteration of the Inferno drain group.”
Inferno Drainer is designed to trick unsuspecting users into approving malicious transactions that transfer a victim’s funds to the hacker’s wallet.
“Our bot has detected that a new malicious DNS record has been added to redirect Pendle’s decentralized application to a malicious site,” Pendle tweeted.
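The kind of check Pendle’s bot performs can be reproduced with a simple baseline comparison. The following is an added example, not code from the article or from any of the projects it names; the domain names, addresses and the observed snapshot are constructed so that it runs offline.

```python
# Added example (not from the article or any project it names): compare a
# known-good DNS baseline for front-end domains against an observed snapshot
# and alert on any record that was added or changed, as Pendle's bot describes.
import socket
from typing import Dict, List, Optional, Set, Tuple

# Constructed baseline: illustrative names and addresses only.
BASELINE: Dict[str, Tuple[Set[str], Optional[str]]] = {
    "app.example-defi.test": ({"203.0.113.10", "203.0.113.11"}, None),
    "dapp.example-pendle.test": (set(), "frontend.example-cdn.test."),
}

def resolve_a(domain: str) -> Set[str]:
    """Live A-record lookup via the system resolver (not used by the offline demo)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(domain, 443, socket.AF_INET)}
    except socket.gaierror:
        return set()

def check_domain(domain: str, observed_a: Set[str], observed_cname: Optional[str]) -> List[str]:
    """Return one alert string per deviation from the baseline for this domain."""
    expected_a, expected_cname = BASELINE[domain]
    alerts = []
    # A hijacker usually adds or replaces records, so any A record outside the
    # known-good set is flagged; an empty answer is reported separately.
    for ip in sorted(observed_a - expected_a):
        alerts.append(f"{domain}: unexpected A record {ip}")
    if expected_cname is not None and observed_cname != expected_cname:
        alerts.append(f"{domain}: CNAME changed {expected_cname!r} -> {observed_cname!r}")
    if not observed_a and observed_cname is None:
        alerts.append(f"{domain}: no records returned (possible deletion)")
    return alerts

def run_checks(snapshot: Dict[str, Tuple[Set[str], Optional[str]]]) -> Dict[str, List[str]]:
    """Check every baselined domain; only domains with at least one alert are returned."""
    results = {}
    for domain in BASELINE:
        observed_a, observed_cname = snapshot.get(domain, (set(), None))
        alerts = check_domain(domain, observed_a, observed_cname)
        if alerts:
            results[domain] = alerts
    return results

# Constructed snapshot: the second domain now points outside its baseline, the
# symptom the tweets quoted above describe.
SAMPLE_SNAPSHOT = {
    "app.example-defi.test": ({"203.0.113.10", "203.0.113.11"}, None),
    "dapp.example-pendle.test": ({"198.51.100.77"}, "drainer.example-attacker.test."),
}
```

Calling `run_checks(SAMPLE_SNAPSHOT)` returns alerts only for the hijacked domain; in a live deployment the snapshot would be built from `resolve_a()` (and a CNAME lookup) on a schedule.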
According to CertiK, phishing attacks accounted for nearly $498 million in losses from crypto exploits in the first half of 2024, or 72% of the $688 million lost to all forms of attack combined.
Squarespace did not respond to The Defiant’s request for comment at the time of publication.