2 years ago
Celer Network has confirmed the cBridge frontend is up and moving aft halting its activities pursuing a DNS poisoning onslaught connected August 17 that stole $240,000 of users’ funds.
Celer earlier notified users that the beforehand extremity of the cBridge volition beryllium unavailable arsenic the squad is moving to resoluteness the exploit. Shortly after, it confirmed that the contented had been rectified.
cBridge frontend UI is present up again with further monitoring successful place. We powerfully urge assemblage to ever cheque declaration addresses that you are interacting with connected immoderate DeFi apps arsenic DNS poisoning seems to forming a trend. Will ever support assemblage updated! https://t.co/xlrLBNsYU3
— CelerNetwork (@CelerNetwork) August 18, 2022
An attacker had hijacked the cBridge frontend and drained funds from users who gave support to the malicious astute contracts.
We are seeing reports that reflects imaginable DNS hijacking of cbridge frontend. We are investigating astatine the infinitesimal and delight bash not usage the frontend for bridging astatine the moment.
— CelerNetwork (@CelerNetwork) August 17, 2022
After owed investigation, Celer announced that its protocol and astute declaration were not compromised. However, users were advised to cheque and revoke immoderate entree granted to the malicious contracts. Celer besides recommended that users of each protocols crook connected the Secure DNS enactment disposable successful their web browser to assistance mitigate the hazard of aboriginal DNS attacks.
The exploit reportedly claimed $240,000
On-chain tracking from the assemblage allegedly tracked an address utilized by the hacker and recovered that $240,000 was hijacked from the exploit. The attacker has laundered the stolen funds done sanctioned mixing protocol Tornado Cash.
Celer Network stated that lone a tiny information of funds was affected. Celer has pledged to compensate each affected users fully.
DNS poisoning becoming a trend?
Similar DNS poisoning attacks person deed 2 DeFi protocols successful astir a week.
Curve Finance reportedly mislaid $500,000 aft its beforehand extremity was compromised. Users, unfortunately, approved malicious contracts which siphoned their funds. Binance helped retrieve $450,000 of the stolen funds.
Celer has besides noted that DNS attacks could hap to immoderate DeFi app’s frontend careless of its interior security. The increasing inclination of DNS attacks should beryllium a wake-up telephone for DeFi protocols to beryllium connected their defender to forestall aboriginal exploits.
The station Celer Network cBridge resumes cognition aft suffering DNS exploit appeared archetypal connected CryptoSlate.
English (US) 