Celer Network has confirmed the cBridge frontend is up and running after halting its activities following a DNS poisoning attack on August 17 that stole $240,000 of users’ funds.
Celer had earlier notified users that the cBridge front end would be unavailable while the team worked to resolve the exploit. Shortly after, it confirmed that the issue had been rectified.
🌉cBridge frontend UI is now up again with additional monitoring in place. We strongly recommend community to always check contract addresses that you are interacting with on any DeFi apps as DNS poisoning seems to be forming a trend. Will always keep community updated! https://t.co/xlrLBNsYU3
— CelerNetwork (@CelerNetwork) August 18, 2022
An attacker had hijacked the cBridge frontend and drained funds from users who gave approval to the malicious smart contracts.
📢📢📢We are seeing reports that reflect potential DNS hijacking of cbridge frontend. We are investigating at the moment and please do not use the frontend for bridging at the moment.
— CelerNetwork (@CelerNetwork) August 17, 2022
After due investigation, Celer announced that its protocol and smart contract were not compromised. However, users were advised to check and revoke any access granted to the malicious contracts. Celer also recommended that users of all protocols turn on the Secure DNS option available in their web browser to help mitigate the risk of future DNS attacks.
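The advice to check the contract being approved can be applied to a transaction before it is signed, since a hijacked front end controls the spender placed in the approval calldata. The sketch below is an added example, not Celer's code; the allowlist, addresses and calldata are constructed placeholders.

```javascript
// Selectors of the standard ERC-20 / ERC-721 approval calls.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical allowlist, copied by the user from a project's official docs.
const TRUSTED_SPENDERS = new Set([
  "0x" + "11".repeat(20), // constructed placeholder, not a real contract
]);

// Decode approval calldata; returns null when the call is not an approval.
function decodeApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) return null;
  const signature = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!signature) return null;
  const args = hex.slice(8);
  if (args.length !== 128) throw new Error("malformed approval calldata");
  const addressWord = args.slice(0, 64);
  // An ABI-encoded address is left-padded with 12 zero bytes.
  if (!/^0{24}/.test(addressWord)) throw new Error("non-canonical address");
  return {
    signature,
    spender: "0x" + addressWord.slice(24),
    value: BigInt("0x" + args.slice(64)),
  };
}

// The transaction's `to` field is the token; the party receiving spending
// rights is inside the calldata, so that is the address to compare.
function reviewTransaction(tx, trusted = TRUSTED_SPENDERS) {
  const approval = decodeApproval(tx.data || "0x");
  if (!approval) return { verdict: "not-an-approval" };
  const unlimited = approval.signature.startsWith("approve(")
    ? approval.value === MAX_UINT256
    : approval.value === 1n; // setApprovalForAll(..., true)
  const verdict = trusted.has(approval.spender) ? "ok" : "unknown-spender";
  return { verdict, unlimited, ...approval };
}
```

A verdict of `unknown-spender` means the request should be rejected until the spender address is confirmed through a channel other than the website that produced it.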
The exploit reportedly claimed $240,000
Community on-chain tracking allegedly identified an address used by the hacker and found that $240,000 was taken in the exploit. The attacker has laundered the stolen funds through the sanctioned mixing protocol Tornado Cash.
Celer Network stated that only a small portion of funds was affected. Celer has pledged to compensate all affected users fully.
DNS poisoning becoming a trend?
Similar DNS poisoning attacks have hit two DeFi protocols in about a week.
Curve Finance reportedly lost $500,000 after its front end was compromised. Users, unfortunately, approved malicious contracts which siphoned their funds. Binance helped recover $450,000 of the stolen funds.
Celer has also noted that DNS attacks could happen to any DeFi app’s frontend regardless of its internal security. The growing trend of DNS attacks should be a wake-up call for DeFi protocols to be on their guard to prevent future exploits.