Some days ago Galxe was hacked, this lead to a lot of users losing their funds when connecting their wallet to their website during the attack. In this case the target was the DNS (Domain Name Server) of the website. The DNS basically links the IP number of the website to a name, making it easier for users to memorize and access websites. When targetting DNS, the hackers were able to take control of it and managed to redirect users to where they wanted to. When users were prompted with a new smart-contract to sign and give access, they thought it was just an update of the original smart-contract of galxe. After signing this contract all the funds would be drained from their wallet. It has to be noted that a wallet is only compromised if the contract was signed.
This is not the first case of a DNS attack and other services were already targetted and succesfully attacked, not so long ago Balancer suffered a similar domain attack that caused almost 250k$ in losses.
It seems like this type of hacks are becoming more common and there's a reason for that, a lot of security measures are not taken when it comes to DNS, there are a lot of systems not updated or with problems that are not resolved for a long time. There's also the need to use reputable domain name services to register a domain name.
The truth is that many crypto websites and services may be vulnerable to this type of attacks and this can propagate in a larger scale if many of them are prone to be attacked. Be very carefull when your usual platform is asking you to sign a new smart-contract that you know you have sign before, questioning what is happening may be a good defense against this type of hacks. Your Defi platform won't ask you to sign an updated smart-contract without announcing it somewhere, always assume that if this happens your funds could be drained.
Hacks and scams are everywhere in this space, the only protection we have against them is our attention to the detail and the knowledge we gain from experience and the experience of others. There's a lot of people that already got scammed, learning from them might save a lot of funds.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments