This week, several decentralized finance (DeFi) applications, including Convex (CVX), were hit by a domain name service (DNS) attack. The hacker was thereby able to prompt users of these protocols to grant authorizations to fraudulent smart contracts.
Several DeFi protocols targeted by DNS attacks
This week, several decentralized finance (DeFi) protocols suffered an attack on their domain name service (DNS), that is, the service that manages a website's domain names. In this type of attack, the hacker tries to redirect a website's visitors to a fraudulent address.
In very simplified terms, it is like tampering with a car's GPS so that it takes us to a completely different location from the address entered.
While this list may not be exhaustive, we do know that Convex (CVX), Allbridge (ABR), DeFi Saver and Ribbon Finance (RBN) were targeted. When interacting with any of these platforms, users were prompted to grant permission to a malicious smart contract.
In a Twitter thread, Convex reassured the community that at no time were the platform's legitimate smart contracts compromised. The team also told potential victims which permissions to remove.
What all of these applications have in common is that they were hosting their domain names at Namecheap. According to Allbridge, the provider’s team declined to provide details about how the attack took place.
A particularly ingenious hack
Hacks in DeFi regularly make the news, but DNS attacks are less common. Moreover, this latest one was particularly dangerous and ingenious in how it worked. It seems that the addresses of the fraudulent smart contracts started and ended in exactly the same way as those of the platforms' real smart contracts.
Given that, at the time of a transaction, the vast majority of us simply read the first and last characters of an address, it was easy to be tricked. The hacker(s) used personalized public addresses to pass them off as the original smart contracts.
Some applications can, in fact, generate a private key that corresponds to a personalized public address. Such an event reminds us to stay vigilant in our operations, and not to hesitate to look up an address on a blockchain explorer like Etherscan before interacting with it.
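The check described above, comparing the whole address rather than its first and last characters, can be automated. The following is an added example, not code from the article or from any of the protocols named; the addresses are constructed placeholders and the names `TRUSTED`, `classify_spender` and `ExampleVault` are hypothetical.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed placeholder addresses, not real contracts.
TRUSTED = {"ExampleVault": "0xa1b2c3" + "0" * 28 + "d4e5f6"}
LOOKALIKE = "0xa1b2c3" + "7" * 28 + "d4e5f6"  # same ends, different middle
UNRELATED = "0x" + "9" * 40


def normalize(addr):
    """Validate a 20-byte hex address and lowercase it for comparison."""
    addr = addr.strip()
    if not ADDRESS_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


def visible_ends(addr, n):
    """First and last n hex characters, the part a truncated display shows."""
    body = addr[2:]
    return body[:n], body[-n:]


def classify_spender(spender, trusted=TRUSTED, n=4):
    """Return (verdict, name): 'trusted', 'lookalike' or 'unknown'."""
    s = normalize(spender)
    known = {normalize(a): name for name, a in trusted.items()}
    if s in known:
        return "trusted", known[s]  # full 40-character match
    for addr, name in known.items():
        # Same visible ends as a trusted contract but a different body:
        # the pattern a personalized address is built to produce.
        if visible_ends(addr, n) == visible_ends(s, n):
            return "lookalike", name
    return "unknown", None


if __name__ == "__main__":
    for candidate in (TRUSTED["ExampleVault"], LOOKALIKE, UNRELATED):
        print(candidate, classify_spender(candidate))
```

A "lookalike" verdict is the case to treat as hostile: the address was unknown yet matched a trusted contract at both ends.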
If needed, sites such as RevokeCash make it possible to remove an authorization granted to a smart contract. While smart contract flaws remain the main cause of hacks in the world of DeFi, the other cases must not be neglected.
Here, the attacker focused directly on the weaknesses of the websites in question to set his trap. From there, only great care could keep users from being fooled.