CertiK Names the Reason for DNS Hijacking on DeFi
Cyber adversaries have stolen millions of digital assets through DNS hijacking attacks, using them for phishing, for targeting users’ wallet seed phrases, or for creating deceptive webpages that closely resemble legitimate sites.
The Domain Name System (DNS) plays a crucial role in the internet’s infrastructure, and attacks on it provide insight into how security incidents in Web 2 have directly affected the Web3 industry. Transitioning to decentralized frontends has emerged as a practical way to tackle these challenges, according to a recent report by CertiK.
DNS Hijacking of DeFi Protocols
DNS hijacking is an attack that targets a core component of Internet infrastructure. In some scenarios it can render a public DNS service inaccessible; in others it can be used to reroute users to malicious websites.
Typically, the attacker manipulates the DNS by substituting the mapping (DomainName, Legitimate IP) with (DomainName, MaliciousServer IP). This tampering enables them to intercept future users’ DNS queries, directing them to fraudulent websites without the users’ awareness, CertiK explained.
Users inadvertently access these deceitful sites via the compromised servers, exposing themselves to potential phishing attacks and the downloading of malware that can compromise their devices.
CreamFinance and PancakeSwap reported DNS hijacking attacks in 2021, and two public RPC gateways offered by Ankr for Polygon and Fantom wallets were compromised via a DNS hijacking attack the following year. During the same period, Cronos-based DEX MM.Finance, Curve Finance, Celer Protocol, Fantom-based SpiritSwap, and Polygon-based QuickSwap also reported frontend breaches as a result of a DNS hijack attack.
These incidents essentially highlighted the significant impact of vulnerabilities in Web2 on the Web3 ecosystem due to the interconnected security of these two domains.
CertiK said that persistent DNS credential theft and vulnerabilities arising from third-party domain service providers pose a significant challenge to Web3 projects. The core Web3 protocols themselves were not inherently flawed; rather, it was the traditional centralized domain infrastructure that left them susceptible to these issues.
CertiK emphasized the need to adopt the combination of IPFS and ENS, which demonstrates the potential of decentralized and DLT-based solutions to reduce DNS hijacking attacks. These systems prioritize content authenticity, minimize points of failure, and substantially lower the vulnerabilities associated with centralized control and authority.
“The move towards decentralized infrastructure, along with continuous strengthening of both human and technological defenses, has become essential for the future security of Web3 projects and their users.”
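The contrast between the DNS mapping swap described earlier and the content authenticity that IPFS provides can be shown in a few lines. This is an added example, not code from CertiK's report. It assumes a frontend that fits in a single raw IPFS block (CIDv1, raw codec, sha2-256), whereas real sites are usually multi-block UnixFS directories. The domain, IP addresses, page bodies and helper names are constructed for illustration.

```python
import base64
import hashlib

# Multicodec constants for a CIDv1 over a single raw block hashed with sha2-256.
CID_V1, RAW_CODEC, SHA2_256, DIGEST_LEN = 0x01, 0x55, 0x12, 0x20


def raw_cid(content: bytes) -> str:
    """CIDv1 (raw codec, sha2-256), multibase base32 lower-case with 'b' prefix."""
    digest = hashlib.sha256(content).digest()
    body = bytes([CID_V1, RAW_CODEC, SHA2_256, DIGEST_LEN]) + digest
    return "b" + base64.b32encode(body).decode("ascii").lower().rstrip("=")


def verify_block(cid: str, content: bytes) -> bool:
    """Accept served bytes only if they hash back to the CID that was requested."""
    return raw_cid(content) == cid


def fetch_by_name(records: dict, servers: dict, domain: str) -> bytes:
    """Location addressing: whatever server the DNS record points at is trusted."""
    return servers[records[domain]]


def fetch_by_cid(servers: dict, cid: str) -> bytes:
    """Content addressing: any server may answer, but its bytes must match the CID."""
    for content in servers.values():
        if verify_block(cid, content):
            return content
    raise ValueError("no server returned content matching " + cid)


# Constructed sample data: documentation-range IPs and toy page bodies.
GOOD_PAGE = b"<html>swap UI v1</html>"
PHISH_PAGE = b"<html>enter your seed phrase</html>"
SERVERS = {"192.0.2.10": GOOD_PAGE, "203.0.113.66": PHISH_PAGE}
DNS_BEFORE = {"dex.example": "192.0.2.10"}   # (DomainName, Legitimate IP)
DNS_AFTER = {"dex.example": "203.0.113.66"}  # (DomainName, MaliciousServer IP)
# Assumption: the name record (e.g. an ENS contenthash) pins this CID.
PINNED_CID = raw_cid(GOOD_PAGE)

if __name__ == "__main__":
    # After the record swap, the name-based fetch returns the phishing page unnoticed.
    print(fetch_by_name(DNS_AFTER, SERVERS, "dex.example") == PHISH_PAGE)
    # The CID-based fetch rejects the phishing bytes and returns the real page.
    print(fetch_by_cid(SERVERS, PINNED_CID) == GOOD_PAGE)
```

The check moves trust from the server's address to the content hash, so the security of the pinned record itself (who can update it) becomes the remaining point to protect.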