Hackers are increasingly attacking the front-end websites of DeFi protocols in an attempt to steal users’ funds.
Convex Finance, a protocol that offers enhanced rewards to Curve liquidity providers and investors, is asking users to be diligent in verifying addresses for contract approvals after its website was hacked on Thursday.
Last front-end website attack
Convex is the sixth largest DeFi protocol with a total locked value (TVL) of $3 billion. Despite this, the protocol’s TVL has dropped by about 6% in the last 24 hours, according to data from the DeFi Llama.
On June 23, angel investor Alexintosh tweeted that Convex Finance was asking users to approve an unverified smart contract address, suggesting that a hacker may have infiltrated the site to carry out a DNS spoofing attack. domain names).
Domain name servers allow users to access websites through simple text-based addresses. That is, they don’t have to type in the exact IP address of every website they want to visit. This makes the Internet easier to use.
Then Convex Finance confirmed that their DNS had indeed been hijacked. This resulted in some users mistakenly approving malicious contracts.
As a precaution, Convex has released two alternate domain names from which users can access. Meanwhile, it conducts an investigation into the DNS hijacking.
The Convex team asked the owners of the counterfeit wallets to get in touch via Twitter DM or their Discord channel.
Furthermore, it emphasized that users’ funds in their smart contract remain secure and unchanged.
Twitter user Bret Woods urged web 3.0 users to carefully verify the addresses involved in every crypto transaction they make as a security precaution.
“Even on trusted sites, we see user interfaces being hacked, leading to erroneous token approvals,” he said.
Meanwhile, DogeBonk, a meme profile, tweeted that Convex should have used Domain Name System Security Extensions (DNSSEC) to add crypto authentication and defend against spoofing attacks.
The incident, however, does not appear to have affected the price of Convex’s native CVX token. According to CoinGecko, the token has gained 2.5% in one day and is trading at $4.60.
DNS hijacking attacks
Convex is not, however, the first DeFi project to suffer a DNS hijacking attack.
In March 2021, for example, both Cream Finance and PancakeSwap reported that DNS spoofers had compromised their websites.
The attack resulted in front-end websites for both protocols prompting users to enter their seed phrase. If users entered the data, it would allow the attacker to take control of users’ wallets and drain their funds.
Furthermore, in December, BadgerDAO users lost an estimated $130 million in a front-end attack. This occurred after the API key was compromised to Cloudflare, a website security service.
The attacker injected a malicious script into Badger’s front-end, intercepting transactions and asking users to approve contracts under the hacker’s control.