New details have emerged about the scale and nature of a recent DNS hijacking attack on decentralized finance (DeFi) protocols. Various reports, including findings from blockchain security company Blockaid, underline the severity of the incident, in which attackers manipulated DNS records on Squarespace to redirect visitors to domains known to be malicious, says Ido Ben-Natan, the co-founder and CEO of Blockaid.
Victims of the attack included Ethereum-based DeFi platform Compound and Celer Network, a multi-chain interoperability protocol. Users visiting their sites on Thursday were redirected to fraudulent webpages designed to drain funds from their wallets. Although the full impact of the hijacking is still unfolding, Ben-Natan warns that approximately 228 DeFi protocol interfaces remain at risk.
The connection to the Inferno Drainer group is undeniable, shown by shared onchain and offchain assets, including wallet addresses and domains. Inferno Drainer is notorious for its drainer kit, which deceives users into authorizing transactions that transfer their assets directly to the attackers. The kit is deployed through deceptive webpages or manipulated domains, a strategy that has proven alarmingly effective.
The Inferno Drainer group has been involved in various attacks against DeFi protocols, exploiting different vulnerabilities. Because the group reuses infrastructure, security analysts such as those at Blockaid can trace its activity and correlate related attacks. Ben-Natan emphasizes the importance of community engagement in reporting and addressing compromised entities.
Defenses against DNS attacks can include verifying a domain's records onchain, which gives browsers and other systems an additional source to corroborate DNS answers against, explains Matthew Gould, founder of Web3 domain provider Unstoppable Domains. Under such a scheme, changes to DNS records are validated through an onchain signature. Gould believes the process can be reinforced by requiring verification of the user's wallet signature, adding a robust barrier against unauthorized alterations.
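The corroboration step Gould describes can be sketched as follows. This is an added example, not code from Blockaid, Unstoppable Domains or any registry: it assumes the domain owner has anchored a SHA-256 digest of the approved record set onchain (signature checking of that anchoring transaction is assumed to be done by the chain), and all function names, domains and addresses are constructed.

```python
import hashlib

HOSTNAME_TYPES = {"CNAME", "NS"}  # record values that are case-insensitive hostnames

def canonical(records):
    """Normalise (name, type, value) tuples so equivalent sets hash identically."""
    out = set()
    for name, rtype, value in records:
        name = name.strip().rstrip(".").lower()
        rtype = rtype.strip().upper()
        value = value.strip()
        if rtype in HOSTNAME_TYPES:
            value = value.rstrip(".").lower()
        out.add((name, rtype, value))
    return sorted(out)

def commitment(records):
    """SHA-256 over the canonical record set; this digest is what gets anchored."""
    blob = "\n".join("\t".join(r) for r in canonical(records))
    return hashlib.sha256(blob.encode()).hexdigest()

def check(observed, approved, anchored_digest):
    """Compare live DNS answers with the approved set and its anchored digest."""
    if commitment(approved) != anchored_digest:
        # The local copy of the approved records was altered: trust nothing.
        return {"trusted": False, "reason": "approved set does not match anchor",
                "added": [], "removed": []}
    obs, app = set(canonical(observed)), set(canonical(approved))
    added, removed = sorted(obs - app), sorted(app - obs)
    ok = not added and not removed
    return {"trusted": ok, "reason": "match" if ok else "drift from anchored records",
            "added": added, "removed": removed}

# Constructed sample data (documentation domains and IP ranges only).
APPROVED = [("app.example.org", "A", "192.0.2.10"),
            ("www.example.org", "CNAME", "app.example.org.")]
ANCHOR = commitment(APPROVED)  # stands in for the digest read from the chain
CLEAN = [("WWW.example.org.", "cname", "APP.example.org"),
         ("app.example.org", "a", "192.0.2.10")]
HIJACKED = [("app.example.org", "A", "203.0.113.66"),
            ("www.example.org", "CNAME", "app.example.org")]

if __name__ == "__main__":
    for label, answers in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, check(answers, APPROVED, ANCHOR))
```

A client or monitoring job would feed `observed` from its resolver and refuse to load the interface, or raise an alert, whenever `trusted` is false.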