220+ DeFi Protocols Still “Threatened” by Squarespace DNS Hack
Following the recent DNS hijacking attack on decentralized finance (DeFi) protocols, new information has emerged about the potential scope and nature of the breach.
The incident, highlighted by various sources including blockchain security firm Blockaid, involved attackers targeting DNS records hosted on Squarespace.
These records were redirected to IP addresses associated with known malicious activity, Ido Ben-Natan, co-founder and CEO of Blockaid, told Decrypt.
Ethereum-based DeFi protocol Compound and multi-chain interoperability protocol Celer Network were impacted on Thursday, with their respective interfaces redirecting visitors to a page that drains funds from connected wallets.
While the full extent of the hack is not yet known, approximately 228 DeFi protocol interfaces are still at risk, Ben-Natan said.
“The association with Inferno Drainer is clear as shared onchain and offchain infrastructure,” Ben-Natan said. “This includes onchain wallet and smart contract addresses as well as offchain IP addresses and domains related to Inferno.”
Inferno Drainer’s wallet kit allows cybercriminals to steal funds from unsuspecting users. It works by tricking users into signing malicious transactions that give the attacker control over their digital assets.
Once the transaction is signed, the drain kit quickly transfers funds from the victim’s wallet to the attacker’s address. The kit is often deployed via phishing websites or compromised domains.
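The drainer mechanism described above depends on the victim signing a token approval that hands a third-party address control over their assets. The added example below (not code from the article, Blockaid, or any wallet vendor) shows the pre-signing check a wallet or browser extension can run: it decodes ERC-20 `approve(address,uint256)` and ERC-721/1155 `setApprovalForAll(address,bool)` calldata and blocks unlimited approvals to spenders outside an allowlist. The spender addresses and the allowlist are constructed placeholders, and the selector values are the standard ones for those function signatures.

```javascript
// Added example: screen a signing request for the kind of approval call a
// drainer kit needs before it can move a victim's tokens.
const SELECTORS = {
  '095ea7b3': 'approve(address,uint256)',        // ERC-20 allowance
  'a22cb465': 'setApprovalForAll(address,bool)', // ERC-721 / ERC-1155 operator
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Builds constructed sample calldata: 4-byte selector + two 32-byte ABI words.
function encodeApproval(selector, spender, value) {
  const addrWord = spender.toLowerCase().replace(/^0x/, '').padStart(64, '0');
  const valueWord = BigInt(value).toString(16).padStart(64, '0');
  return '0x' + selector + addrWord + valueWord;
}

// Returns null for anything that is not one of the two approval calls.
function decodeApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, '');
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name || hex.length < 8 + 128) return null;
  const spender = '0x' + hex.slice(8, 72).slice(24); // low 20 bytes of word 0
  const value = BigInt('0x' + hex.slice(72, 136));   // word 1
  const unlimited = name.startsWith('approve(')
    ? value === MAX_UINT256 // "infinite" ERC-20 allowance
    : value !== 0n;         // setApprovalForAll(true): every token in the collection
  return { name, spender, value, unlimited };
}

// Policy: unlimited approval to an unknown spender is blocked; any approval to
// an unknown spender gets a warning; approvals to allowlisted spenders pass.
function screenSigningRequest(calldata, trustedSpenders) {
  const d = decodeApproval(calldata);
  if (!d) return { verdict: 'allow', reason: 'not an approval call' };
  const trusted = trustedSpenders.has(d.spender);
  if (d.unlimited && !trusted) {
    return { verdict: 'block', reason: `unlimited ${d.name} to unknown spender ${d.spender}` };
  }
  if (!trusted) return { verdict: 'warn', reason: `approval to unknown spender ${d.spender}` };
  return { verdict: 'allow', reason: `approval to trusted spender ${d.spender}` };
}

// Constructed placeholder addresses, not real contracts.
const TRUSTED_ROUTER = '0x1111111111111111111111111111111111111111';
const UNKNOWN_SPENDER = '0x2222222222222222222222222222222222222222';
const TRUSTED = new Set([TRUSTED_ROUTER]);

const samples = {
  unlimitedToUnknown: encodeApproval('095ea7b3', UNKNOWN_SPENDER, MAX_UINT256),
  limitedToTrusted: encodeApproval('095ea7b3', TRUSTED_ROUTER, 1000n * 10n ** 6n),
  approveAllToUnknown: encodeApproval('a22cb465', UNKNOWN_SPENDER, 1n),
  plainTransfer: '0xa9059cbb' + '0'.repeat(128), // transfer(address,uint256): not an approval
};

for (const [label, calldata] of Object.entries(samples)) {
  const { verdict, reason } = screenSigningRequest(calldata, TRUSTED);
  console.log(`${label}: ${verdict} (${reason})`);
}
```

The allowlist is the weak point of this design: it must be maintained from a source the attacker cannot also redirect, which is exactly the kind of signal the onchain verification discussed later in the article is meant to provide.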
The Inferno Drainer group has been active for some time, targeting various DeFi protocols and exploiting different vulnerabilities. Their use of shared infrastructure makes it easier for security firms to track and identify associated attacks, something Ben-Natan was quick to point out.
“Blockaid is able to track addresses,” he said. “Our team has also worked closely with the community to ensure there is an open channel to report compromised sites.”
Creating verified onchain records for domains would give browsers and other systems an additional layer of verification, helping to offset the risk of DNS attacks.
That’s according to Matthew Gould, founder of Web3 domain provider Unstoppable Domains, in an article published Thursday on X.
DNS records can be configured not to be updated unless a verified on-chain signature is provided, he said.
Currently, to modify DNS records for Web3 domains, users must provide a signature for verification before any update takes place.
Even though this doesn’t use a chained mirror host, it still requires user identity verification for updates, Gould said.
A new feature could be added, in which DNS updates would require a signature from the user’s wallet. This would make it much harder for hackers, as they would have to hack both the registrar and the user separately, the founder said.