dYdX’s version 3.0 website has been compromised in a DNS attack, but the version 4.0 on Cosmos remains secure. Users are advised to avoid visiting the site or clicking links until further notice.
Points
- dYdX v3.0 website compromised in a DNS attack; v4.0 on Cosmos unaffected.
- Users warned against visiting the compromised website or clicking any links.
- Attack targeted the web domain, not the underlying smart contracts.
- A phishing website was set up to steal users’ tokens through malicious transactions.
In a recent security breach, the decentralized exchange (DEX) dYdX’s version 3.0 website has been compromised in a DNS (Domain Name System) attack. The exchange has warned users against visiting the compromised website or clicking any links until further notice. Fortunately, the version 4.0 on Cosmos has not been affected and continues to function normally.
The attack specifically targeted the web domain of dYdX v3, exploiting its DNS settings to redirect users to a phishing website. This malicious site mimics the original and prompts users to authorize transactions, ultimately stealing their valuable tokens. It’s important to note that the attack did not breach the underlying smart contracts, maintaining the security of the decentralized trading platform itself.
The phishing website set up by the attackers aims to deceive users into approving malicious transactions via the PERMIT2 protocol, which allows them to pilfer the users’ tokens. A member of the official dYdX Discord channel explained that the attacker has taken over the v3 domain and deployed a copycat website. This malicious site requests users to connect their wallets and approve transactions, leading to the theft of their most valuable assets.
https://x.com/dYdX/status/1815780835473129702
https://x.com/dYdX/status/1815791754756423773
解説
- The DNS attack on dYdX v3 highlights the vulnerabilities in web domain security, even for decentralized platforms.
- Users should be cautious and follow official updates to avoid falling victim to phishing attacks.
- The incident underscores the importance of robust security measures for web domains and user education on identifying phishing attempts.
- The quick response from dYdX and their advisory to users demonstrate the proactive steps being taken to mitigate the impact of the attack.
- This event serves as a reminder for all cryptocurrency users to remain vigilant and prioritize security practices in their online activities.