– A security researcher has indicated that many crypto enterprises are vulnerable to subdomain hijacking.
– The results come after probes into the Balancer incident and the recent attack against Galxe.
– Cryptocurrency manufacturers must be vigilant and choose reputable domain name registrars to prevent attacks.
The cryptocurrency ecosystem has reported multiple attacks over the past few weeks, with some raising speculation of
inside jobs while others leaving investors in a state of unrest for being unable to access key services such as deposits and withdrawals.
Also Read:
Stars Arena suffers major security vulnerability on its smart contract, loses $2.9 million
Crypto-related exploits and attacks lead to insightful revelation
On October 7, the Avalanche-based protocol and Friend.tech competitor Stars Arena was exploited for the second time in three days, losing up to
$2.9 million while wounds from the previous $1 million loss had not even healed.It added to the list of attacks in the last few months, after Balancer, the Ethereum-based decentralized finance (DeFi) protocol, made headlines.
Balancer domain attack
On September 20,
Balancer frontend was attacked, with the bad actor stealing more than $238,125 from the protocol and sending them to this address associated with ‘Angel Drainer’.This was a Domain Name Server (DNS) attack on the Balancer domain (Balancer.fi), prompting users to approve a malicious contract that will drain their wallets.
This was a month after the August 20 attack on
Balancer V2 pools, affecting at least 4% of Balancer Total Value Locked (TVL).In response, the network asked users to withdraw affected LPs immediately amid the deployment of emergency mitigation measures.
Galxe DNS attack
More recently, web3 community platform Galxe was attacked on October 6, affecting its DNS record through the Dynadot account.With the website going down, the Galxe asked users not to connect their wallets to the platform, sign any transaction, or disconnect their wallets until the situation was resolved.
Update: We’ve detected a security breach affecting the DNS record for “— Galxe (@Galxe)
” through our Dynadot account.
Please refrain from visiting the site from all channels while we are resolving the issue.
Your safety remains our utmost priority.
[October 6, 2023]
The platform’s co-founder Charles Wayn also asked users “[ not to] click on phishing links as it takes time to refresh the cache of DNS.” This was also a DNS attack, with the network indicating that “As long as you did not approve any transaction of the connected wallets on Galxe after 6am PST, October 6th, your funds and info are all secure.”
The— Galxe (@Galxe)
[@Galxe]website is offline.We will bring it back online once the correct DNS records are propagated globally.
As long as you didn’t approve any transaction of the connected wallets on Galxe after 6am PST, October 6th, your funds and info are all secure.
[October 6, 2023]
The latest on the matter is that anyone still encountering the phishing site when accessing the website, should attribute it to DNS propagation.This means the time taken to update DNS records on individual users’ local servers, which varies from place to place.
Crypto enterprises are vulnerable to subdomain/domain hijacking
A security researcher with expertise in web3 has attributed the incidences of DNS attacks to organizations being vulnerable to subdomain hijacking.
⚠️最近 DNS 劫持频发,先有Balancer 被劫持,后有Galxe 被劫持攻击。在分析600 多万份 DNS 记录,通过查看指向云端基础架构的 A 记录和 CNAME,发现许多企业都容易遭受子域名劫持。— 23pds (@IM_23pds)
有 21% 的 DNS 记录指向不解析的内容,这可能会导致各企业容易子域名/域名劫持。…
[October 8, 2023]
The report comes after a deep dive into millions of DNS records and cloud infrastructure of enterprises, revealing chunks of “unresolved content.” This, according to the sleuth, leaves companies vulnerable to subdomain/domain name hijacking.
DNS, short for Domain Name Server, defines the automated system translating internet addresses to the numeric machine addresses used by computers.A DNS attack is, therefore, a cyberattack where the exploiter capitalizes on vulnerabilities in the Domain Name System.They try to deny the DNS service by bypassing the protocol standard function or using bug exploits and taking advantage of flaws.
It is therefore a call to action for cryptocurrency-related firms to exercise vigilance and choose reputable domain name registrars to prevent attacks.
Ethereum development FAQs
What is the next big Ethereum software update?
After the Merge, the Ethereum community is looking at the Sharding upgrade next, which has been slated for sometime later in the year.
The development can be summarized in four words, “scalability through more efficient data storage.” The software update will increase the capacity of the blockchain, widening the amount of data that can be stored or accessed.At the same time, all services running atop the Ethereum blockchain will enjoy significantly reduced transaction fees.
What is the difference between hard fork and soft fork?
A fork is the splitting of a blockchain after developers agree and proceed to implement upgrades.The decision comes after these developers reach a consensus for a software upgrade.The ensuing part will see one part continue with the status as is, while the other one will proceed with new features combined with the former ones.
A hard fork basically entails permanent divergence of a new side chain from the original one, while a soft fork is doing the same, only difference being that it is temporary.
What is EIP-4844?
EIP-4844 is an improvement proposal for the Ethereum network.The upgrade promises reduced gas fees, which is a valuable offering considering the high transaction cost that continues to daunt crypto players.It has been a long-standing concern for the Ethereum network.The proposal is also referred to as “proto-Danksharding,” with an unmatched ability to increase the speed of transactions on the Ethereum blockchain.At the same time, it helps to reduce the transaction cost as everything becomes decentralized.
What is gas in the context of Ethereum?
Gas token is a new, innovative Ethereum contract where users can tokenize gas on the Ethereum network.This means they can store gas when it is cheap and start to deploy the gas once the market has shifted to the north.The use of Gas token helps to subsidize high gas prices on transactions, meaning investors can do everything from arbitraging decentralized exchanges to buying into initial coin offerings (ICOs) early.
Information on these pages contains forward-looking statements that involve risks and uncertainties.Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets.
You should do your own thorough research before making any investment decisions.FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements.It also does not guarantee that this information is of a timely nature.Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress.All risks, losses and costs associated with investing, including total loss of principal, are your responsibility.The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.
The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned.The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations.
The author makes no representations as to the accuracy, completeness, or suitability of this information.FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use.Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.
Join Telegram
Follow us on Telegram
Stay updated of all the news
Recommended Content
Editors’ Picks
Polygon price readies for a 20% climb as MATIC pulls back to correct June 2022 cycle
Polygon attempts a recovery rally for the second time this year, trying to recoup ground lost during the June 2022 cycle.In the midst of an altcoin-driven market downturn, optimism is fueled by speculation that October traditionally proves favorable for trading.
More Polygon news
Ethereum price dip extends, liquidates $10 million in long positions as exchange outflows skyrocket
Ethereum price continues on its load-shedding exercise for the fourth consecutive day, forming a dome-shape as it loses all the ground covered during the late September run, with on-chain data showing profit takers are showing no restraint.
More Ethereum News
Arbitrum price declines 11% as final Security Council voting round approaches
Arbitrum price moves often depend on the broader market cues; however, for the past couple of days, a major external factor has come into play.The ongoing Arbitrum Security Council Elections are preparing for the final round, which is interestingly bearing a negative impact on the altcoin.
More Arbitrum news
SBF urged FTX staff to use Signal app and set message ‘auto delete’ feature, day 3 revelations as Yedidia says
Sam Bankman-Fried (SBF) attended court for day three of the trial, after yesterday’s opening statements, well-shaven and formally dressed, as reported.This time, however, his mother Barbara Fried is in attendance, Blockworks reports.
More Avalanche News
Bitcoin: BTC bearish fractal forecasts correction to $25,000
Bitcoin (BTC) price hovers around $27,600 and shows no directional bias on the daily chart.Liquidity pockets are present in both directions, leaving traders guessing where BTC will go next.
Read full analysis.
