The Domain Name Server (DNS) of the decentralized staking platform, Convex Finance, was targeted in the latest spoofing exploit.
- Angel investor Alexintosh first ដាក់ទង់ that Convex Finance was asking for user approval to an unverified smart contract address on July 23rd.
- This suggested that a malicious entity may have sneaked into Convex Finance’s website to carry out a DNS spoofing attack.
- Following the incident, the staking platform បានបញ្ជាក់ the hijack of its DNS that led users to unassumingly approve malicious contracts for some interactions on the website.
- Convex then បានប្រកាស setting up two alternative domain names and asked users to use these URLs to interact with the site while they conduct the investigation.
- The platform marked five wallets affected by the exploit. The team, however, revealed that funds on verified contracts were not affected.
- The exploiter sent the stolen funds to a “Convex Phisher Deposits” flagged កាបូប flagged that shows a small amount of crypto from the affected users before moving most of it to the coin mixer, Tornado Cash, to hide the tracks.
- Convex Finance said that it will publish a detailed post-mortem report soon.
- Furthermore, a crypto tracking and compliance platform MistTrack បានបង្ហាញ that Ribbon Finance, a decentralized structured products protocol, also suffered a DNS hijacking attack, wherein a victim reportedly lost 16.5 WBTC. On-chain analysis suggests that it was the same attacker as Convex.
Binance ឥតគិតថ្លៃ 100 ដុល្លារ (ផ្តាច់មុខ): ប្រើតំណនេះ ដើម្បីចុះឈ្មោះ និងទទួលបាន $100 ឥតគិតថ្លៃ និងថ្លៃសេវា 10% លើ Binance Futures ខែដំបូង (លក្ខខណ្ឌ).
ការផ្តល់ជូនពិសេសរបស់ PrimeXBT៖ ប្រើតំណនេះ ដើម្បីចុះឈ្មោះ និងបញ្ចូលលេខកូដ POTATO50 ដើម្បីទទួលបានប្រាក់រហូតដល់ 7,000 ដុល្លារលើការដាក់ប្រាក់របស់អ្នក។
Source: https://cryptopotato.com/convex-finance-launches-two-urls-after-spoofing-exploit/