Altcoins Talks - Cryptocurrency Forum

Cryptocurrency Ecosystem => DeFi tokens => Topic started by: Yamane_Keto on July 12, 2024, 02:24:05 PM

Title: More than 220 DeFi Protocols Still ‘at Risk’ From Squarespace DNS Hijack
Post by: Yamane_Keto on July 12, 2024, 02:24:05 PM: Quote from: https://decrypt.co/239524/220-defi-protocols-risk-squarespace-dns-hijack
Inferno Drainer's wallet kit allows cybercriminals to steal funds from unsuspecting users. It operates by prompting users to sign malicious transactions that give the attacker control over their digital assets.

Once the transaction is signed, the drainer kit swiftly transfers the funds from the victim's wallet to the attacker's address. The kit is often deployed through phishing websites or compromised domains.

The Inferno Drainer group has been active for some time, targeting various DeFi protocols and exploiting different vulnerabilities. Their use of shared infrastructure makes it easier for security firms to track and identify related attacks, something Ben-Natan was quick to point out.

Such attacks can be made more difficult by making any DNS updates require a signature from the user's wallet. Thus, hackers will need to hack each device separately, but you should be more careful when linking your wallet to bridges or decentralized finance (DeFi) protocols.
Title: Re: More than 220 DeFi Protocols Still ‘at Risk’ From Squarespace DNS Hijack
Post by: joniboini on July 15, 2024, 12:58:25 PM: I wonder if a simple extension showing the domain IP address can also help mitigate an attack like this. Wouldn't this attack be possible because the DNS redirects the request to phishing websites, so if we compare the IP we should notice they are different? Making our wallets save DNS request history can also bring another problem of privacy IMO.
Title: Re: More than 220 DeFi Protocols Still ‘at Risk’ From Squarespace DNS Hijack
Post by: Yamane_Keto on July 15, 2024, 01:40:42 PM: Quote from: joniboini on July 15, 2024, 12:58:25 PM
I wonder if a simple extension showing the domain IP address can also help mitigate an attack like this. Wouldn't this attack be possible because the DNS redirects the request to phishing websites, so if we compare the IP we should notice they are different? Making our wallets save DNS request history can also bring another problem of privacy IMO.
If humans remembered or focused on IP addresses, we would not need DNS, which is the Domain Name System, which assigns an appropriate domain name to each specific IP address.
The ideal way is to modify the host file on your computer and allow visits to specific IP addresses and block any IP address that is not in the file. browsing experience will be bad but safe.
Title: Re: More than 220 DeFi Protocols Still ‘at Risk’ From Squarespace DNS Hijack
Post by: Stompix on July 15, 2024, 02:51:48 PM: Quote from: Yamane_Keto on July 15, 2024, 01:40:42 PM
If humans remembered or focused on IP addresses, we would not need DNS, which is the Domain Name System, which assigns an appropriate domain name to each specific IP address.

Hihi we will just note down every IP and check it like we do crypto addresses.
After a week we will be all talking 87.17.181.11.34.171.18

Quote from: Yamane_Keto on July 15, 2024, 01:40:42 PM
The ideal way is to modify the host file on your computer and allow visits to specific IP addresses and block any IP address that is not in the file. browsing experience will be bad but safe.

It would be crazy, google itself has about 20 main domains with a ton of IPs, if you plan on still using social media and all 3rd party links on it you will probably waste half a day each month whitelisting IPs, and still even that won't save you if the website itself is compromised and the malware is feed directly.

Unfortunately, the more you secure something the tired you get from actually using that stuff.

SMF 2.0.15 | SMF © 2017, Simple Machines
Enotify by CreateAForum.com
Referrals System by CreateAForum.com
SMFAds for Free Forums | Powered by SMFPacks Social Login Mod