Blockchain interoperability platform Celer Network recently fell victim to a DNS attack. According to Etherscan data, the exploit may have seen the perpetrators make off with about 128 ETH (roughly $240,000).
Celer Network Shuts Down cBridge
The Celer team alerted users to the breach via a tweet yesterday. In the post, they explained that they had spotted abnormal DNS activity on the frontend for their multi-chain project, cBridge. The team informed community members that an investigation was underway and advised them against using the bridge.
Later on, Celer halted all operations on the bridge and shared a thread outlining the findings from their probe. According to their report, the attacker hijacked the cBridge UI to redirect users to malicious smart contracts. Users that fell victim to the attack saw the compromised smart contracts empty their token balances.
📢 (1/n) A DNS cache poisoning attack on cBridge’s frontend UI approx. during 08/17 07:45 pm to 10:00 pm UTC caused some users to be redirected to malicious smart contracts that can drain all approved token amount. FIRST, PLEASE check & revoke any approval to the following:
— CelerNetwork (@CelerNetwork) August 18, 2022
Besides halting operations, Celer shared several smart contract addresses and warned users to revoke approvals for them. Their list included contracts from Ethereum (ETH), Polygon (MATIC), Avalanche (AVAX), Binance Smart Chain, Fantom, and Optimism among others.
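The check-and-revoke step described above can be run over a wallet's ERC-20 Approval event logs. The following is an added example, not code from Celer or from the original article; every address and log entry in it is constructed, and FLAGGED is a placeholder standing in for an entry from a published revoke list.

```python
# Added example. All addresses and logs below are constructed for illustration.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def _num(v):
    """JSON-RPC returns quantities as hex strings; accept plain ints too."""
    return int(v, 16) if isinstance(v, str) else v

def _addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, flagged_spenders):
    """Replay ERC-20 Approval logs in chain order and return the allowances
    that are still non-zero for a flagged spender."""
    flagged = {s.lower() for s in flagged_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (_num(l["blockNumber"]), _num(l["logIndex"]))):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # other events; an ERC-721 Approval carries 4 topics
        key = (log["address"].lower(), _addr(t[1]), _addr(t[2]))  # (token, owner, spender)
        latest[key] = int(log["data"], 16)  # a later Approval overwrites the earlier one
    return {k: v for k, v in latest.items() if k[2] in flagged and v > 0}

def _pad(addr):
    return "0x" + addr[2:].rjust(64, "0")

def _log(block, idx, token, owner, spender, amount, topic0=APPROVAL_TOPIC):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [topic0, _pad(owner), _pad(spender)], "data": hex(amount)}

TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB = "0x" + "aa" * 20, "0x" + "bb" * 20
FLAGGED = "0x" + "de" * 20   # placeholder, not an address from Celer's list
BENIGN = "0x" + "cc" * 20

SAMPLE_LOGS = [  # deliberately out of order; the replay sorts by block and log index
    _log(110, 0, TOKEN_2, BOB, FLAGGED, 0),              # Bob revoked
    _log(100, 0, TOKEN_1, ALICE, FLAGGED, MAX_UINT256),  # unlimited, never revoked
    _log(101, 2, TOKEN_1, ALICE, BENIGN, 500),
    _log(105, 1, TOKEN_2, BOB, FLAGGED, 1000),
    _log(106, 0, TOKEN_2, BOB, FLAGGED, 7, topic0="0x" + "00" * 32),  # not an Approval
]

if __name__ == "__main__":
    for (token, owner, spender), amount in outstanding_approvals(SAMPLE_LOGS, [FLAGGED]).items():
        print(f"REVOKE: owner={owner} token={token} spender={spender} allowance={amount}")
```

The replayed value is an upper bound, because many tokens do not emit an Approval event when a spender uses part of an allowance; the token's on-chain allowance() call gives the current figure.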
Celer Minimizes Losses Through Quick Response
According to the investigation, the breach went on from 07:45 pm to 10:00 pm UTC yesterday. However, as the post pointed out, the Celer devs swiftly took charge and were able to minimize the damages.
Reportedly, only a small portion of the network’s user base fell victim to the DNS attack. In their tweet, the team promised to fully compensate affected users for their losses during the incident. They also shared plans to bring the front end back online and have since followed through.
The cBridge frontend UI is up and running once more, and the network has implemented additional security measures. The initial report took care to note that the attack did not affect the Celer protocol and smart contracts.
“Celer protocol and smart contracts are not affected. Celer DNS root record was not compromised and was never modified.”
Bridge Attacks On the Rise
The network’s team has compared the incident to a recent attack on the liquidity platform Curve Finance. About a week ago, perpetrators targeted the platform’s external DNS providers to compromise its front end. The breach saw Curve suffer losses of about 363 ETH, worth approximately $617,000 at the time.
Celer’s report highlighted a growing trend of such attacks and contained a warning for the general blockchain community.
“Reminder: DNS poisoning can happen to any DeFi app frontend regardless of the protocol’s own security and we strongly suggest the entire blockchain community to turn on Secure DNS option in your web browser to reduce such possibility to get affected.”
Notably, a recent Chainalysis release confirmed that cross-chain bridge attacks have been behind 69% of all stolen crypto. Reportedly, the industry has lost over $2B in 2022 to bridge attacks alone. Ethereum co-founder Vitalik Buterin shared his distaste for cross-chain bridges at the start of the year.
Buterin cited security risks as his primary reason and said that while he sees a multi-chain future, it likely won’t be cross-chain.