Front-end websites of numerous protocols in the world of decentralized finance (DeFi) have recently become a target of hackers, who are trying to steal funds. Last Thursday, Convex Finance became the latest DeFi protocol that had its website hijacked. Since then, it has urged its users to do their due diligence when it comes to checking the addresses for approving contracts. The protocol offers stakers and providers of Curve liquidity good rewards.
According to the statistics, Convex has a total value locked (TVL) of about $3 billion, which makes it the sixth-largest protocol in the DeFi space. A tweet was made by angel investor Alexintosh on June 23rd in which he said that the protocol was asking users to give their approval for a smart contract address that was unverified.
This was an indication that the website of Convex Finance may have been infiltrated by a hacker for executing a DNS spooking attack. Users can take advantage of Domain Name Servers for accessing a website through a simple web address which saves them from having to type the entire IP address of every website they want to visit. This makes it easy to use the internet.
Later, Convex Finance confirmed that the hijacking had happened and some users had ended up approving malicious contracts. Two alternative domain names were launched by the protocol that can be used for accessing it as a precaution, while it conducts an investigation into the hijack. Owners who had been spoofed were asked to get in touch with the Convex team via their Discord channel, or Twitter DM. It also stated that user funds were safe.
Users were urged to take precautions when conducting crypto transactions and to verify each address before they execute any. Experts have said that even trusted websites are being hacked and this leads to mistaken approvals. DogeBonk, the meme token, tweeted that Domain Name System Security Extensions (DNSSEC) should have been used by Convex for adding cryptographic authentication to minimize the risk of spoofing attacks. The protocol’s native token remained mostly unaffected, as it saw a rise of 2.5%.
It should be noted that Convex is not the first DeFi protocol that has dealt with a DNS hijacking attack. Back in March this year, PancakeSweep and Cream Finance had also had their websites compromised by these DNS spoofers. The front-end websites of these protocols asked users to provide their seed phrase after the attack.
Once the users entered their seed phrase, the attackers would be able to control their wallets and steal their funds. A front-end attack had also occurred on BadgerDAO in December last year, which saw its users lose a whopping $130 million. The protocol’s API key for its website security service Cloudflare had been compromised. This allowed the attacker to intercept transactions of the users and ask them to approve addresses that were under their control.
These incidents are only adding to the troubles of DeFi, as it is struggling to keep up with the downturn in the crypto market.