Hackers are increasingly targeting DeFi protocol front-end websites to steal users’ funds.
Convex Finance, a protocol that provides boosted rewards to Curve liquidity providers and stakers, cautioned users to check their addresses for contract approvals after its website was hijacked on Thursday.
Spoofing attack
According to DeFi Llama, Convex is the sixth-largest DeFi protocol with a total value locked (TVL) of $3 billion, despite a 6% drop in TVL over the last 24 hours.
On June 23, angel investor Alexintosh tweeted that Convex Finance was asking users to approve unverified smart contract addresses. This suggested that a hacker may have compromised the Convex Finance website and launched a DNS (Domain Name Server) spoofing attack.
Domain name servers make the Internet easier to use because users can access websites through simple text-based web addresses instead of entering the exact IP address of each website they want to visit.
Convex Finance later confirmed that its DNS had in fact been hijacked and that, as a result, some users had mistakenly approved a malicious contract. As a precautionary measure, Convex launched two alternate domain names so that users can access the protocol during the ongoing investigation of the DNS hijacking.
The Convex team has asked the owner of the spoofed wallet to contact it via Twitter DM or its Discord channel. It also emphasized that user funds held in validated smart contracts are safe and unaffected.
Security precautions
As a security measure, Twitter user Bret Woods urged web3 users to carefully check the addresses involved in every crypto transaction they perform. “Even on trusted sites, the UI can be hacked, leading to false token approvals,” they said.
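The address check described above can be done on the raw transaction data a wallet is asked to sign, independently of what the website displays. The following is an added example, not code from Convex or from the original article: it decodes a standard ERC-20 approve(address,uint256) call and reports a spender that is not on a trusted list. It goes slightly beyond the text by also flagging unlimited allowances. The trusted address and both sample calldata strings are constructed placeholders.

```python
# Added example: vet ERC-20 approve() calldata before signing.
APPROVE_SELECTOR = "095ea7b3"  # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1

# Assumption: placeholder allowlist. Fill it from the protocol's published
# contract list obtained out of band, never from the page being checked.
TRUSTED_SPENDERS = {"0x" + "11" * 20}

# Constructed samples: approve(trusted, 1000) and approve(unknown, max uint256).
SAMPLE_TRUSTED = "0x095ea7b3" + "00" * 12 + "11" * 20 + format(1000, "064x")
SAMPLE_UNKNOWN = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "f" * 64


def decode_approve(calldata):
    """Return (spender, amount) for approve() calldata, or None for other calls."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if not data.startswith(APPROVE_SELECTOR):
        return None
    args = data[8:]
    if len(args) != 128:
        raise ValueError("approve() takes exactly two 32-byte arguments")
    bytes.fromhex(args)  # rejects non-hex characters
    spender_word, amount_word = args[:64], args[64:]
    if spender_word[:24] != "0" * 24:
        raise ValueError("address argument has non-zero padding")
    return "0x" + spender_word[24:], int(amount_word, 16)


def review_approval(calldata, trusted=TRUSTED_SPENDERS):
    """Return a list of findings; an empty list means nothing was flagged."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return []
    spender, amount = decoded
    findings = []
    if spender not in {addr.lower() for addr in trusted}:
        findings.append(f"spender {spender} is not on the trusted list")
    if amount == MAX_UINT256:
        findings.append("unlimited allowance requested")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_TRUSTED, SAMPLE_UNKNOWN):
        print(review_approval(sample) or "no findings")
```

This covers only the plain approve() call; other approval paths such as permit signatures or setApprovalForAll need their own decoding.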
Meme token Doge Bonk tweeted that Convex needed to use Domain Name System Security Extensions (DNSSEC) to add cryptographic authentication and protect against spoofing attacks.
According to CoinGecko, the price of Convex’s native CVX token appears to be unaffected by the incident, rising 2.5% in a single day and trading at $4.60.
Hijacking attack
Convex is not the first DeFi project to be hit by a DNS hijacking attack.
In March 2021, both Cream Finance and PancakeSwap reported that DNS spoofers had compromised their websites. The attack caused the front-end websites of both protocols to ask users to enter their seed phrase. Entering this phrase allows an attacker to take control of the user’s wallet and drain its funds.
In December, Badger DAO users lost about $130 million in a front-end attack when the API key for its website security service, Cloudflare, was compromised. The attacker injected a malicious script into Badger’s front end that intercepted transactions and prompted users to approve contracts under the hackers’ control.