We do the research, you get the alpha!
Get exclusive reports and key insights on airports, NFTs and more! Sign up for Alpha Reports now and step up your game!
Go to Alpha Reports
In the wake of recent DNS hacking attacks on decentralized finance (DeFi) protocols, new insights into the extent and nature of the breach have emerged.
The event is highlighted in various ways SourcesIt includes attackers targeting DNS records hosted on Squarespace, including a blockchain security firm.
Those records were redirected to IP addresses associated with known malicious activity, said Ido Ben Nathan, Blockade's founder and CEO. Decrypt.
Ethereum-based DeFi protocol Compound and multi-chain communication protocol Celer Network It made an impact on Thursday, with its respective front-end redirecting visitors to a page that withdraws money from connected wallets.
While the full extent of the hack is not yet known, approximately 228 frontends of the DeFi protocol are still at risk, Ben Nathan said.
“The Inferno Drainer association is transparent as a shared onchain and offchain infrastructure,” Ben-Nathan said. “This includes onchain wallet and smart contract addresses, as well as offchain IP addresses and domains connected to Inferno.”
The Inferno Drainer Wallet Kit allows cybercriminals to steal money from unsuspecting users. It operates by asking users to sign malicious transactions that give the attacker control over their digital assets.
After the transaction is signed, the drain tool quickly transfers the money from the victim's wallet to the attacker's address. The tool is usually operated by phishing websites or hacked domains.
The Inferno Drainer team has been active for some time targeting various DeFi protocols and exploiting various vulnerabilities. Using shared infrastructure makes it easier for security companies to track and detect related attacks, something Ben-Nathan is quick to point out.
“Blockaid can track the addresses,” he said. “Our team is working closely with the community to have an open channel for reporting affected sites.
By creating verified onchain records for domains, it can provide an additional layer of protection for browsers and other systems to check, which can help offset the risk of DNS attacks.
So said Matthew Gould, founder of Web3 domain provider Unstoppable Domains, in a post on Thursday. X.
DNS records can be configured not to be updated unless a verified onchain signature is provided, he said.
Currently, to change DNS records for Web3 domains, users must provide a verification signature before the update can be made.
Although this does not use an onchain mirror host, it still requires user identity verification for updates, says Gold.
A new feature may be added where DNS updates require a signature from the user's wallet. This makes it very difficult for hackers because they have to hack both the registrar and the user separately, the founder said.
Daily Debrief Newspaper
Start every day with top news stories, plus original features, podcasts, videos and more.