Reading time: ~2 m
Unknown persons hacked the external shell of the web version of the cross-chain bridge cBridge to forge an address in order to steal user assets
The attackers carried out DNS spoofing* of the cBridge website as a result of which some users could be redirected to a fraudulent smart contract. This was reported on his Twitter page by representatives of the Celer Network.
DNS spoofing is a form of computer network hacking where domain name cache data is altered by an attacker to return a false IP address.
The developers of the cross-chain bridge cBridge urged users to cancel all permissions to interact with smart contracts from August 17. Several addresses on various networks of the project, including Ehtereum, Polygon and Optimism, came under attack.
The Celer Network protocol itself was not changed as a result of the attack. The developers claim that the attackers conducted an attack on a certain intermediary responsible for the DNS of the web version of the cross-chain bridge, but who exactly was in the center of the strike remains unclear.
In addition, Celer Network admitted that some wallets were affected as part of the incident, but they refused to specify the scale of the attack. The developers assured that they would contact all the affected parties to compensate for the lost funds.
As the developers assure, many decentralized finance (DeFi) projects are vulnerable to DNS spoofing due to dependence on web intermediaries. Experts urged caution when issuing permission to the wallet to interact with smart contracts.
Recall that in early August, unknown persons were also able to pull off a similar attack against another project called Curve Finance. According to representatives of the project, scammers managed to compromise the website curve.fi. The developers urged users to revoke contracts approved during the appearance of information on the breakthrough of security systems on the network.
All information contained on our website is published in good faith and objectivity and for informational purposes only. The reader is solely responsible for any actions taken on the basis of information received on our website.
#Crosschain #bridge #cBridge #suffered #DNS #attack