Over 220 DeFi Protocols at Risk After DNS Hijack
Hundreds of DeFi protocols remain vulnerable after a DNS hijacking attack, with attackers redirecting users to malicious sites to steal funds.
Hundreds of DeFi protocol front ends remain at risk following a recent DNS hijacking attack, says blockchain security firm Blockaid. This breach targeted DNS records hosted on Squarespace, redirecting them to malicious IP addresses. The attack impacted several DeFi protocols, including Compound and Celer Network, by redirecting visitors to sites that drained their wallets. Ido Ben-Natan, CEO of Blockaid, noted that around 228 DeFi protocol front ends are still vulnerable.
The attack is linked to the Inferno Drainer group, which uses a wallet kit to steal funds. This kit tricks users into signing transactions that transfer their assets to the attackers. It often uses phishing websites or compromised domains. Ben-Natan emphasized that Blockaid is tracking the addresses of the people involved and collaborating with the community to report compromised sites.
Matthew Gould, founder of Unstoppable Domains, suggested creating verified onchain records for domains as an extra layer of protection: a domain's DNS records would not update unless the change carried a signature verified against that onchain record. Gould proposed a new feature requiring a signature from the user's wallet for DNS updates. This would make it much harder for attackers, since they would need to compromise both the registrar account and the user's wallet key separately.
The attack highlights ongoing vulnerabilities in DeFi and underscores the need for better security measures. Enhanced security protocols, collaboration, and proactive strategies are essential to prevent similar incidents in the future. The DeFi community must work together to strengthen defenses and reduce the risk of future attacks, contributing to a more secure decentralized financial system.