The website for dYdX’s version 3.0 has been compromised in an apparent DNS attack, with users warned not to visit the site or click any links until further notice. The v4.0 version on Cosmos remains unaffected.
Points
- dYdX v3 website compromised in DNS attack
- Users warned not to visit the website or click links
- dYdX v4 on Cosmos remains unaffected
- Only the user interface compromised, not the smart contracts
- DNS hijacking attempts against Web3 protocols are becoming common
The website for dYdX’s version 3.0 has been compromised in an apparent Domain Name System (DNS) attack, according to a July 23 social media post from the exchange’s team. Users have been warned not to visit the v3 website or click any links until further notice. However, the team clarified that the v4 version on Cosmos has not been compromised and continues to function normally.
The compromise affects only the user interface of dYdX v3, not the underlying smart contracts, meaning that funds currently deposited should not be at risk. However, users are advised to avoid using the site to attempt withdrawals until the issue is resolved.
Cointelegraph journalists attempted to connect to the compromised website with a test Ethereum account that held no balance. The site responded with an error message stating, “Your wallet is not eligible. Something went wrong. Please try again with an active wallet.” This error message is similar to one seen in a previous phishing scam, suggesting that the compromised site may be attempting to check users’ wallet balances before initiating a malicious action.
This incident highlights the increasing prevalence of DNS hijacking attempts against Web3 protocols. On July 11, both Compound Finance and Celer Network were targeted in similar attacks, with the attacker successfully redirecting Compound’s website to a malicious site that attempted to drain tokens.
解説
- DNS attack: The compromise of dYdX’s v3 website through a DNS attack underscores the vulnerabilities associated with domain name systems and the importance of securing these components.
- User precautions: Users are advised to avoid visiting compromised sites and clicking on links, as these actions can lead to phishing scams or other malicious activities.
- Security measures: The incident highlights the need for robust security measures and vigilant monitoring to protect Web3 protocols from DNS hijacking and similar attacks.
- Industry trend: The increasing frequency of DNS attacks on Web3 protocols indicates a growing threat landscape, necessitating enhanced security practices and user awareness.