How Can We Avoid DNS Attack
Curve Finance has been attacked on August 10th and attracted great attention.
In this article, DeHacker will work with TrustFi to introduce the whole event.
If you don’t know what is DNS hijacking, click here to learn more about DNS hijacking.
What is Curve Finance?
Curve Finance is a decentralized finance (DeFi) protocol that provides “extremely efficient” stablecoin trading services with low slippage and fees. It is considered a pillar of the DeFi ecosystem, with over $6 billion in total value locked.
What happened?
On August 10th DeFi protocol Curve suffered from DNS hijacking and over $573,000 has already been taken by the attacker.
Curve finance team later made a report about this attack:
“It appears that one customers domain was targeted. Our external provider’s hosted DNS infrastructure was apparently compromised and the DNS records for this domain were changed to point to a cloned web server. Further investigation together with the external provider indicates that it was DNS Cache poisoning rather than any nameservers compromised. This change occurred on 9th August around 7 PM(UTC), servers were taken offline and access restored again around 9 PM(UTC)”
The team alerted its users to stop using the site after they found the nameserver is compromised.
@cz_binance later pointed out that Web3 projects should not use GoDaddy for DNS because it is insecure.
Fortunately, on August 12, Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack.
Curve pointed out that DNS server provider Iwantmyname was likely hacked, adding that they had changed their nameservers, which has now been resolved and will direct users to withdraw from recent contracts.
What can we learn from this exploit?
It is necessary to check the address before confirming the transaction!
About TrustFi
TrustFi is committed to providing decentralized BaaS (Blockchain-as-a-Service) solutions for DeFi market based on multichain environments. A complete set of product portfolios developed by TrustFi, including Decentralized Community Driven Incubator (TrustFi Booster), IDO General Protocol with an insured mechanism (TrustFi LaunchPad), and Automated Farm Pools (AFP) Contract (TrustFi Farmer), which is an important supplement to the DeFi infrastructure built on Web 3.0.
Website | Twitter | Blog | Telegram |
About DeHacker
DeHacker is a team of auditors and white hat hackers who perform security audits and assessments. With decades of experience in security and distributed systems, our experts focus on the ins and outs of system security. Our services follow clear and prudent industry standards. Whether it’s reviewing the smallest modifications or a new platform, we’ll provide an in-depth security survey at every stage of your company’s project. We provide comprehensive vulnerability reports and identify structural inefficiencies in smart contract code, combining high-end security research with a real-world attacker mindset to reduce risk and harden code.
