Celer Network’s cBridge Frontend Hit By DNS Hijack

HomeDeFi News
Share this article
Subscribe for weekly updates
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
“A DNS cache poisoning attack on cBridge’s frontend UI approx. during 08/17 07:45pm to 10:00 pm UTC caused some users to be redirected to malicious smart contracts that can drain all approved token amount.”

Level 2 scaling protocol Celer Network is the latest target of crypto hacking as the platform reports seeing potential signs of a DNS hijack of its cBridge frontend. This makes Celer Network the second victim of a DNS hijack, as Curve Finance was hit by a similar breach at the beginning of the month when the hackers escaped with over $520K from the platform.

Earlier today, the platform revealed its frontend was compromised by a DNS attack which directed Celer Network users to a fake webpage containing malicious contracts. Celer Network uploaded ten of these contracts on Twitter and asked its users to revoke their token approvals. The tampered contracts requesting token approvals include Ethereum, Avalanche, Aurora, and Aster contracts, among others.

In a follow-up to the original tweet, Celer Network clarifies that the Celer protocol and smart contracts remained unaffected by the attack. Moreover, the platform’s root DNS remained uncompromised as the perpetrators targeted third-party DNS providers.

Fortunately, Celer reports only a tiny percentage of users were affected by the hijack, and the cBridge frontend UI is now up and running, with additional monitoring to increase security. Lastly, Celer Network cautions its users to always verify contract addresses as DNSSEC features are rarely implemented on DeFi apps, which makes it easier to carry out DNS poisoning attacks. 

Written by
Ayush Pande
“A DNS cache poisoning attack on cBridge’s frontend UI approx. during 08/17 07:45pm to 10:00 pm UTC caused some users to be redirected to malicious smart contracts that can drain all approved token amount.”

Level 2 scaling protocol Celer Network is the latest target of crypto hacking as the platform reports seeing potential signs of a DNS hijack of its cBridge frontend. This makes Celer Network the second victim of a DNS hijack, as Curve Finance was hit by a similar breach at the beginning of the month when the hackers escaped with over $520K from the platform.

Earlier today, the platform revealed its frontend was compromised by a DNS attack which directed Celer Network users to a fake webpage containing malicious contracts. Celer Network uploaded ten of these contracts on Twitter and asked its users to revoke their token approvals. The tampered contracts requesting token approvals include Ethereum, Avalanche, Aurora, and Aster contracts, among others.

In a follow-up to the original tweet, Celer Network clarifies that the Celer protocol and smart contracts remained unaffected by the attack. Moreover, the platform’s root DNS remained uncompromised as the perpetrators targeted third-party DNS providers.

Fortunately, Celer reports only a tiny percentage of users were affected by the hijack, and the cBridge frontend UI is now up and running, with additional monitoring to increase security. Lastly, Celer Network cautions its users to always verify contract addresses as DNSSEC features are rarely implemented on DeFi apps, which makes it easier to carry out DNS poisoning attacks. 

Written by
Ayush Pande