
DeFi Exchange dYdX v3 Website Hacked in DNS Hijacking Attack


Decentralized finance (DeFi) cryptocurrency exchange dYdX announced Tuesday that the website of its legacy v3 trading platform has been compromised.

dYdX also warned users not to visit or interact with the hacked dydx[.]exchange platform and advised against withdrawing assets until the platform is safe to use.

“We have just learned that the dYdX v3 website (dYdX . exchange) has been compromised. Please do not visit the website or click on any links until further notice,” a new incident report on the official status page reads.

“An update will be provided as soon as it is available. Smart contracts on v3 are not compromised and all funds currently in dydx v3 are safe.”

In a post on dYdX’s official Discord server earlier today, a community team member also noted that the attackers had hijacked the crypto platform’s domain and deployed a copycat website that “when users connect their wallets to it, it asks them to approve via PERMIT2 transaction to steal their most valuable token.”
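The approval request described above reaches the wallet as an EIP-712 typed-data signing request, which can be inspected before signing. The following is an added example, not code from dYdX or any wallet vendor: the function name, finding labels, 30-day threshold, trusted-spender set and sample addresses are assumptions constructed for illustration.

```javascript
// Added example: review an eth_signTypedData_v4 payload for Permit2 approvals.
const PERMIT2_TYPES = new Set([
  "PermitSingle", "PermitBatch", "PermitTransferFrom", "PermitBatchTransferFrom",
]);
const MAX_UINT160 = (1n << 160n) - 1n; // largest allowance a Permit2 permit can carry
const THIRTY_DAYS = 30 * 24 * 3600;    // assumed threshold for a "long" expiration

// trustedSpenders: Set of lowercase addresses the user already trusts (assumption).
function reviewTypedData(payload, trustedSpenders, nowSeconds) {
  const findings = [];
  const isPermit2 = payload.domain?.name === "Permit2" ||
    PERMIT2_TYPES.has(payload.primaryType);
  if (!isPermit2) return findings;
  findings.push("permit2-approval");

  const msg = payload.message ?? {};
  const spender = String(msg.spender ?? "").toLowerCase();
  if (!trustedSpenders.has(spender)) findings.push("unknown-spender");

  // Allowance permits use `details`, signature transfers use `permitted`;
  // the batch variants carry an array, the single variants one object.
  const grants = [].concat(msg.details ?? msg.permitted ?? []);
  for (const g of grants) {
    if (BigInt(g.amount ?? 0) >= MAX_UINT160) findings.push(`unlimited-amount:${g.token}`);
    if (Number(g.expiration) - nowSeconds > THIRTY_DAYS) findings.push(`long-expiration:${g.token}`);
  }
  return findings;
}

// Constructed sample request (placeholder addresses, not taken from the incident).
const TOKEN = "0x" + "11".repeat(20);
const SPENDER = "0x" + "22".repeat(20);
const NOW = 1720000000;
const SAMPLE_REQUEST = {
  domain: { name: "Permit2", chainId: 1 },
  primaryType: "PermitSingle",
  message: {
    details: { token: TOKEN, amount: MAX_UINT160.toString(),
               expiration: NOW + 365 * 24 * 3600, nonce: 0 },
    spender: SPENDER,
    sigDeadline: NOW + 1800,
  },
};

console.log(reviewTypedData(SAMPLE_REQUEST, new Set(), NOW));
```

A Permit2 request is not malicious in itself; the combination of an unknown spender with an unlimited amount or long expiration is what deserves a refusal.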

They also shared that the incident is believed to be linked to a wave of DNS hijacking attacks targeting DeFi crypto platforms using the Squarespace registrar. The v3 website incident report partially confirms this by linking the incident to a DNS issue.

“A fix for DNS resolution has been implemented. However, due to caching, the issue may not be resolved for all users yet,” the status page states.

As BleepingComputer reported, the crypto platforms compromised in these Squarespace DNS hijacking attacks are being used to redirect visitors to phishing sites hosting wallet drainers.

The domains (originally registered with Google Domains) became vulnerable after being forcibly transferred to Squarespace last year following an asset purchase agreement with Google.

However, when they transitioned to Squarespace, multi-factor authentication (MFA) was disabled for management accounts (a Squarespace support topic warns domain owners to enable multi-factor authentication after the Google Domains migration).

Although it is unclear how the attackers hijack the domains, a report by security researchers Samczsun, Taylor Monahan, and Andrew Mohawk says threat actors can gain full access by using a valid address tied to domains because Squarespace “does not require email validation to create an account using password authentication (i.e., you can create an account for bill@gates.com without having the email address).”

dYdX said on July 11 that “no vulnerabilities or security issues have been detected to date for http://dydx.exchange or http://dydx.trade,” as first noted by Resonance Security analyst Grace Dees.

Today’s announcement that the dYdX v3 website was hacked came just after Bloomberg reported that dYdX Trading, the company behind the dYdX derivatives trading software, is in talks with several buyers (including Wintermute Trading and Selini Capital) to sell its legacy v3 software.

Update: dYdX has regained control of dydx.exchange and is advising users to restart their browser and clear the cache before opening the website.
