Decentralized Finance Projects at Risk After DNS Attack

An attack on DNS records hosted with the web hosting provider Squarespace put about 228 decentralized finance (DeFi) projects at risk. According to Decrypt, Blockaid CEO Ido Ben-Natan reported that the incident affected major DeFi platforms such as Compound Finance and Celer Network on July 11.

Users of these services were redirected to phishing pages as a result of the attack, which experts believe was made possible by capturing DNS requests. Attackers redirected traffic to IP addresses associated with a malicious tool known as Inferno Drainer.

Ben-Natan highlighted that their infrastructure, covering both blockchain and off-chain components such as smart contracts and cryptocurrency wallets, allowed for the use of this malicious solution. Inferno Drainer can automatically steal funds from users’ accounts after they sign malicious transactions, enabling cybercriminals to deplete victims’ wallets.

Blockaid’s co-founder stated that the group has been actively exploiting vulnerabilities in DeFi protocols for some time, and the use of a unified malicious infrastructure simplifies tracking and identifying their attacks. This could lead to more effective protection and prevention of similar threats in the future.