Decentralized finance (DeFi) users were alerted yesterday to a new fraud vector, in which scammers take over the websites of abandoned projects in order to lure former users into signing malicious “draining” transactions.
The warning came from 0xngmi, the pseudonymous founder of the analytics platform DefiLlama, who confirmed that expired domains had been removed from the platform and its browser extension, but urged users to remain cautious nonetheless.
This passive tactic differs from more common scam methods, which generally require active participation by the scammers themselves. By taking control of a legitimate URL, the scam relies on former users coming back to interact with familiar websites (probably saved earlier, when the project was still active).
With no team left on the alert for a security breach or able to replace the malicious interface, there is not much to be done about these well-placed DeFi website traps other than to carefully check every transaction before signing it.
A member of the Maker/Sky community points out that the official domain name of Maker's now-defunct sub-DAO Sakura is currently available for a penny.
What are front-end attacks?
Unlike closed-source centralized crypto exchanges, DeFi protocols operate directly on blockchains such as Ethereum or Solana.
The vast majority of users interact with DeFi protocols via the project's website, or front-end, a user-friendly interface that constructs transactions to be signed via a crypto wallet. It is technically possible to carry out transactions using other tools, including block explorers like Etherscan, but this is rare.
Unsurprisingly, the front-ends themselves are an attack vector for would-be hackers. A common approach, which led to a wave of incidents last summer, is to compromise the official website via social engineering of DNS providers.
The sites are generally cloned, but the transactions presented to the user are altered, for example, to grant token approvals or send funds directly to the attacker.
A simpler tactic involves similarly cloning legitimate sites, but hosting them at lookalike URLs or behind obscured or “spoofed” hyperlinks on X or Google.
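The advice above to check every transaction before signing, and the altered approvals and transfers a cloned front-end presents, can be made concrete by decoding the calldata a wallet displays. This is an added example, not code from the article or from any project it mentions; the function names, the trusted-address list and the sample calldata are assumptions constructed for illustration.

```javascript
// Added example: decode the token calls a tampered front-end typically swaps in.
// Keys are the standard ERC-20 / ERC-721 function selectors.
const SELECTORS = {
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
  "39509351": { name: "increaseAllowance", args: ["address", "uint256"] },
  "a9059cbb": { name: "transfer", args: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Split calldata into a 4-byte selector and 32-byte argument words.
function decodeCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) throw new Error("not calldata");
  const spec = SELECTORS[hex.slice(0, 8)];
  if (!spec) return { name: "unknown", selector: hex.slice(0, 8), args: [] };
  const body = hex.slice(8);
  if (body.length < spec.args.length * 64) throw new Error("truncated arguments");
  const args = spec.args.map((type, i) => {
    const word = body.slice(i * 64, (i + 1) * 64);
    if (type === "address") return "0x" + word.slice(24); // low 20 bytes
    if (type === "bool") return BigInt("0x" + word) !== 0n;
    return BigInt("0x" + word);
  });
  return { name: spec.name, args };
}

// trustedAddresses is a hypothetical user-maintained list of known contracts.
function reviewTransaction(data, trustedAddresses) {
  const trusted = new Set(trustedAddresses.map((a) => a.toLowerCase()));
  const call = decodeCalldata(data);
  const warnings = [];
  if (call.name === "unknown") warnings.push(`unrecognised selector 0x${call.selector}`);
  const isApproval = ["approve", "increaseAllowance", "setApprovalForAll"].includes(call.name);
  const counterparty = call.name === "transferFrom" ? call.args[1] : call.args[0];
  if (counterparty && !trusted.has(counterparty)) {
    warnings.push(`${isApproval ? "spender" : "recipient"} ${counterparty} is not trusted`);
  }
  if (isApproval && (call.args[1] === true || call.args[1] === MAX_UINT256)) {
    warnings.push("grants unlimited access to the token");
  }
  return { call, warnings };
}

// Constructed sample: approve(spender = 0x1111...1111, amount = 2^256 - 1).
const SAMPLE_APPROVE = "0x095ea7b3" + "1".repeat(40).padStart(64, "0") + "f".repeat(64);
```

The decoder only covers the calldata; the transaction's destination address (the token contract being called) needs the same scrutiny.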
Of course, some front-end losses are not scams at all. Rather, they stem from vulnerabilities in the site's code that can be exploited by hackers. This was the case in Friday's $2.6 million mishap on the DeFi lending platform Morpho, which was fortunately front-run by the well-known MEV bot c0ffeebabe.eth.
Front-end attacks – the tip of the iceberg
These attacks, which generally target individual users, are different from the other threats facing users of DeFi platforms, such as exploits of the smart contracts themselves and private key compromises. These often lead to greater losses, as the assets held in a project's contracts are drained all at once.
This week, both of these types of incident have caused significant losses. Yesterday, ZKsync announced that $5 million in leftover ZK tokens from the project's airdrop had been stolen, after a 1-of-1 appears to have been compromised.
On Monday, decentralized perps exchange KiloEx lost $7.5 million due to a vulnerability in the project's price oracle.
Another risk comes from the teams themselves, which often control huge amounts of their project's token. As we have seen in recent days, teams can withdraw liquidity on a whim or sell tokens over the counter, which can lead to wild price swings when leveraged positions on overvalued tokens blow up, or even get hacked.
A final insider threat comes from malicious team members, whether they are North Korean infiltrators or simply a “harmful developer”, as The Roar claimed after approximately $780,000 disappeared via a backdoor earlier in the day.