Galxe Protocol suffered a DNS attack, with losses over $150K and still growing.
Web3 community platform Galxe's website was offline for about an hour on October 6. Galxe reported on X (formerly Twitter) at 14:44 UTC that the site was down, and 40 minutes later confirmed a security breach involving its Domain Name System (DNS) registry. It warned against visiting the domain until the situation was resolved.
As of this writing, Galxe has not confirmed that its website is safe to use again. After the website was restored, some X posters reported being banned by Google.
Dear Galxe Community,
We are aware of the impact recent events have had on our users and are working to quickly take corrective action. The Galxe security team continues to take an aggressive approach to protecting your data, funds and digital assets.
Steps to take: ❗️Do…
— Galxe (@Galxe) October 6, 2023
A Web3 cyber security service explained:
“Their DNS records were modified to direct them to a phishing site that extracted user wallets.”
Crypto investigator ZachXBT reported that funds were being stolen from Galxe. The wallet ZachXBT linked to the exploit continued to receive funds after Galxe's website came back online, hovering around $160,000 at 17:15 UTC, according to DeBank.
ZachXBT pointed out a connection between the Galxe exploit and the party that attacked the Balancer protocol on September 19th. That was the second attack on Balancer in less than a month.
Once you connect to Galxe, you will be asked to approve. If you approve by logging into WEB3 as usual, all assets will be removed. Please RT and spread the word. pic.twitter.com/W51Bdd78KU
— ZORBA۞ (@OHhorba) October 6, 2023
The second attack on Balancer resulted in a loss of $238,000. The Balancer team attributed the incident to a social engineering attack on a DNS server by a crypto wallet drainer called Angel Drainer. Blockchain security firm SlowMist has suggested that the attacker has ties to Russia.
148 thousand dollars stolen by Galxe hacker.
The hacker is using the same smart contract on 10 networks:
0x0000d38a234679F88dd6343d34E26DCB50C30000
Please revoke this smart contract ASAP:
❍ Ethereum ❍ Optimism ❍ Arbitrum ❍ BNB Chain ❍ Foundation ❍ Polygon ❍… pic.twitter.com/I9SN3FfPYF
— FIP Crypto (@FIP_Crypto) October 6, 2023
According to a recent report from security platform Immunefi, losses on Web3 projects increased significantly in the third quarter of this year compared to Q3 2022. Attacks rose from 30% to 76% year over year, and losses reached $686 million in Q3 2023. The biggest loss during that period was the Mixin hack on September 25th.
At 21:25 UTC, a Galxe spokesperson contacted Cointelegraph to provide a statement that would be posted on X later: “We will bring it online once the correct DNS records are distributed globally. As long as no transaction has been made on Galxe in the last 8 hours, your funds and information are safe. […] On October 6th at 9am PST we reclaimed domain ownership and improved account security by [domain registrar service] Dynadot […] We have spoken with the appropriate law enforcement agencies in our efforts to resolve this situation.”
October 6, 21:45 UTC Update: This article has been updated to include a statement from Galxe.