Over 220 DeFi Protocols Vulnerable Following Squarespace DNS Breach


More than 220 decentralized finance (DeFi) protocol front ends remain at risk after a DNS hijacking campaign targeted domains whose DNS records are hosted on Squarespace.

This attack, attributed to the notorious Inferno Drainer group, redirected users to malicious sites with the intent of siphoning funds from connected wallets.

Extent of the Breach

According to blockchain security firm Blockaid, prominent DeFi projects including Compound and Celer Network were affected. Users who visited the hijacked domains were silently redirected to pages that prompted their connected wallets to sign transactions transferring assets to attacker-controlled addresses.

⚠️ Developing situation – Multiple DeFi front ends are at risk of hijacking, with a few incidents already taking place, with projects like @compoundfinance and @CelerNetwork getting hacked over the past 24 hours.

We will update this thread with details as we go. pic.twitter.com/iWQR0ByIgB

— Blockaid (@blockaid_) July 11, 2024

Compound Finance later issued a warning, advising users not to visit its compromised website or click on any suspicious links until further notice. Although Compound has since told users the threat is resolved, experts advise caution across the broader DeFi landscape, since the same DNS hosting provider serves many other front ends.

Blockaid's CEO, Ido Ben-Natan, highlighted the ongoing threat, noting that approximately 228 DeFi protocol interfaces are still vulnerable. He stressed that DeFi communities must stay vigilant despite mitigation efforts, and urged continued collaboration, faster response and stronger defenses to keep user assets safe.

Inferno Drainer Hacking Activities

The Inferno Drainer group, implicated in the breach, specializes in deploying wallet-drainer kits that deceive users into approving harmful transactions. These kits are typically distributed through phishing sites or compromised domains; in this campaign the delivery vector was the hijacked DNS of legitimate protocol domains rather than look-alike phishing domains.

Inferno Drainer announced plans to disband in November 2023. Despite this declaration, the group has continued its illicit activities, including a recent botched money laundering attempt via the cryptocurrency mixer Railgun. Reports indicate that the group has stolen approximately $180 million worth of cryptocurrency through various attacks.

DNS Attacks and Recommendations For Security

The Domain Name System (DNS) acts like an internet phonebook, translating website names into computer-friendly addresses. In a DNS hijack, the attacker does not touch the protocol's code or smart contracts at all: by changing the records, or by taking over the registrar or DNS-hosting account that controls them, they make the legitimate name resolve to a server they run, and the genuine address in the browser loads attacker content.

In response to the recent DNS hijacking attacks, users are advised to take proactive steps to safeguard their assets. Bookmarking trusted URLs and checking the address bar reduce the risk of landing on a look-alike phishing domain, but they offer no protection when the genuine domain itself has been hijacked, as happened here; in that case the only reliable check is on what the wallet is being asked to sign.

Forcing HTTPS (the browser's HTTPS-only mode, or the now-retired HTTPS Everywhere extension) prevents plaintext downgrade, but it is not a defense against this class of attack: an attacker who controls a domain's DNS can pass domain validation and obtain a valid certificate for it, so the hijacked site loads with a padlock. Two-factor authentication (2FA) adds a real layer of protection on exchange and other custodial accounts, and just as importantly on the registrar and DNS-hosting accounts whose takeover enables hijacks like this one. A self-custody wallet has no login to protect with 2FA; its equivalent is reviewing every approval and signature request before confirming it, because a drainer page asks the wallet to sign, not to log in.

On the infrastructure end, Matthew Gould, founder of Unstoppable Domains, suggested improving DNS security with verified on-chain records. Under this approach a DNS update would only be accepted if it carried an authenticated on-chain signature from the domain owner's key, so that compromising a hosting provider's account would no longer be enough to repoint a domain.

The recent incident has fueled the debate within the cybersecurity community about the susceptibility of DeFi protocols to sophisticated attacks targeting fundamental internet infrastructure.
