
Unveiling the Scope: DeFi’s DNS Hijack and Its Implications

Following a sophisticated DNS hijacking attack on decentralized finance (DeFi) platforms, new details about its scale and mechanics have been provided by blockchain security experts at Blockaid. The attackers exploited weaknesses in DNS records hosted on Squarespace, altering them so that the affected domains resolved to malicious IP addresses already associated with known malicious activity.

Ido Ben-Natan, co-founder and CEO of Blockaid, discussed the severity of the situation, revealing that prominent Ethereum-based DeFi protocol Compound and the multi-chain interoperability protocol Celer Network were among those compromised. The attack caused their websites to redirect visitors to a malicious page designed to drain cryptocurrency from connected wallets.

The full scope of the breach remains under investigation, but Ben-Natan estimated that approximately 228 DeFi protocol front ends could still be at risk. He linked the campaign to Inferno Drainer, a notorious group known for its wallet drainer kits, which trick users into signing transactions that transfer their funds to attackers. The group uses a combination of on-chain and off-chain resources to carry out and mask its operations.

Inferno Drainer operates through phishing sites or compromised domains, reusing shared infrastructure to carry out and conceal its attacks. That reuse is also what allows security firms such as Blockaid to track and attribute related threats effectively.

In response to the growing threat, there are ongoing discussions about bolstering security measures. Matthew Gould, founder of Web3 domain provider Unstoppable Domains, advocated for enhanced DNS record security in a recent post. He suggested that DNS updates should require a verified on-chain signature to prevent unauthorized changes, thereby adding a robust layer of protection against such DNS attacks.

Under this proposal, a user would have to provide a signature for verification before any change to their DNS records could proceed. An attacker would then need to compromise both the registrar and the user's own signing key at the same time, which significantly raises the bar for this kind of hijack.

As the DeFi community grapples with these security challenges, the incident underscores the critical need for advanced protective strategies in the increasingly targeted and vulnerable landscape of decentralized finance.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Bullish Times is a marketing agency committed to providing corporate-grade press coverage and shall not be liable for any loss or damage arising from reliance on this information. Readers should perform their own research and due diligence before engaging in any financial activities.
