24 Jun Convex Finance Launches Two URLs After Spoofing Exploit
The Domain Name Server (DNS) of the decentralized staking platform, Convex Finance, was targeted in the latest spoofing exploit.
Angel investor Alexintosh first flagged that Convex Finance was asking for user approval to an unverified smart contract address on July 23rd.
This suggested that a malicious entity may have sneaked into Convex Finance’s website to carry out a DNS spoofing attack.
Following the incident, the staking platform confirmed the hijack of its DNS that led users to unassumingly approve malicious contracts for some interactions on the website.
Convex then announced setting up two alternative domain names and asked users to use these URLs to interact with the site while they conduct the investigation.
The platform marked five wallets affected by the exploit. The team, however, revealed that funds on verified contracts were not affected.
The exploiter sent the stolen funds to a “Convex Phisher Deposits” flagged wallet flagged that shows a small amount of crypto from the affected users before moving most of it to the coin mixer, Tornado Cash, to hide the tracks.
Convex Finance said that it will publish a detailed post-mortem report soon.
Furthermore, a crypto tracking and compliance platform MistTrack revealed that Ribbon Finance, a decentralized structured products protocol, also suffered a DNS hijacking attack, wherein a victim reportedly lost 16.5 WBTC. On-chain analysis suggests that it was the same attacker as Convex.
Post is imported from RSS feed, by one of our guest editors. G6 does not edit or moderate the content. G6 is not responsible for your actions. No rights owned by G6. To remove the post, please email us at [email protected]