The blockchain interoperability protocol, Celer Network’s cBridge project, became the target of a DNS hijacking attack.
The team notified the community about suspicious DNS activity on August 17th. After investigation, it was found that the UI hijack was designed to redirect users to interact with the compromised smart contracts and ultimately drain their balances. The cBridge frontend UI was turned off to protect users.
- The attacker was able to drain around 128 ETH (~$240,000) before the exploit was discovered, and then transferred the funds to the Tornado Cash crypto tumbler.
- Celer revealed that the team managed to respond quickly to the attack. As a result, only a small portion of users were affected. The interoperability platform said it will fully compensate all those affected during the breach and urged users to first revoke approval to the compromised contracts.
“The Celer protocol and smart contracts were not affected during the breach. Celer DNS root record was not compromised and was never modified.”
- The incident comes barely a week after the popular DeFi protocol Curve Finance suffered a frontend attack, which resulted in the hacker draining over half a million dollars' worth of Ether.
- The attacker was believed to have raked in approximately 363 ETH (~$617,000 at the time).
- The Celer breach, according to the team, also appears to be similar to that of Curve Finance, which targeted third-party DNS providers/ISPs that are outside the project's own domain of control.
“DNS poisoning can happen to any DeFi app frontend regardless of the protocol’s own security and we strongly suggest that the entire blockchain community turn on the Secure DNS option in your web browser to reduce the possibility of being affected.”