On November 21st, the centralized domains of both Velodrome and Aerodrome were hijacked and directed to malicious content.
This attack was caught and mitigated quickly with the support of our security partners — and a plan for how to move forward is now ready.
👇
TL;DR
• The root was an internal security breach at NameSilo
• Decentralized domains remain secure and operational
• Centralized domains with new infra go live next week
• Five leading security firms were consulted
• Users affected by malicious domains qualify for grants
As the industry has grown, attacks on the centralized domain infrastructure of DeFi protocols have become tragically common.
In just the last few years, dozens of top projects have suffered centralized domain attacks from threat actors.
The most common vector for DNS attacks is the social engineering, or compromising, of centralized domain management services.
That is why after consulting with industry leaders we opted to utilize 3DNS which was designed to limit such vectors via multisig control.
While this should have been a security upgrade over even the most robust centralized services, who are only as strong as their weakest human link, it is now clear that that attack vectors in this model remained present.
According to our partners at 3DNS and NameSilo, who are still actively investigating, multisig control was circumvented.
DNSSEC was removed from both domains and a compromised insider at NameSilo was able to redirect the domains to malicious pages.
Thanks to the quick actions of @Blockaid_, @0xGroomLake, @_SEAL_Org, and @FTIConsulting, the attacks were mitigated quickly.
Within 2 minutes of the first known malicious transaction, major wallets such as Metamask and Coinbase Wallet were displaying warnings.
Taking into account the varying propagation times of fixes, the attack was fully mitigated in under 4 hours - and its impact was limited to approximately $700,000 lost by users who connected and signed transactions on the malicious site while it was still active.
Since the attack, 3DNS and NameSilo have been both cooperative and transparent -- and are continuing to investigate root causes and overhauls of their own practices to prevent future issues.
We continue to believe in the future of a robust and secure decentralized domain stack.
However on the advice of our security partners, we have chosen to not bring back up the centralized domains on the same infrastructure.
We appreciate the patience of users of Velodrome and Aerodrome here.
Currently, we are working with our security advisors and executives of some of the top enterprise registrars in order to deliver a solution that meets the unique requirements of one DeFi's most prominent applications.
We expect domains to migrate and re-open next week.
We also plan to give security focused teams the option to download and run the dApps in a fully self-hosted fashion.
This means users will be able to use Velodrome and Aerodrome behind firewalled and private networks with their own RPC endpoints.
Additionally, the Aero + Velo Foundations are working on a plan to offer grants to users proportional to their losses in signing malicious transactions.
These programs will be subject to verification requirements.
For now if you were impacted, please open a ticket in Discord.
For a full timeline of the attack, please review the full report hosted on IPFS that is linked below:
8.16K
122
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.