{"id":61000,"date":"2023-10-06T14:49:33","date_gmt":"2023-10-06T18:49:33","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=61000"},"modified":"2023-10-06T14:52:50","modified_gmt":"2023-10-06T18:52:50","slug":"web3-platform-galxe-protocol-experiences-dns-attack","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/web3-platform-galxe-protocol-experiences-dns-attack\/","title":{"rendered":"Web3 Platform Galxe Protocol Experiences DNS Attack"},"content":{"rendered":"\n

On October 6, the website of Web3 community<\/a> platform Galxe was inactive for approximately an hour. Galxe reported on X (Twitter) that its website was down; although it has been restored, the company still warns against using it. <\/p>\n\n\n\n

\"Web3
Web3 Platform Galxe Protocol Experiences DNS Attack<\/figcaption><\/figure>\n\n\n\n

Forty minutes later, it posted an update verifying that a security breach had compromised the company's Domain Name System (DNS) record. It advised against visiting its website until the issue is resolved.<\/p>\n\n\n\n

At the time of writing, Galxe has yet to confirm that its website is secure again. Some X-posters reported that Google had barred the website after its restoration.<\/p>\n\n\n\n

\n

Dear Galxe Community,

We recognize the impact that recent events have had upon our users and are quickly working to take remedial action. The Galxe security team continues to take an aggressive approach to protect your data, funds and digital assets.

Steps You Should Take:
\u2757\ufe0fDo\u2026<\/p>— Galxe (@Galxe) October 6, 2023\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a><\/blockquote>

An explanation of a Web3 cybersecurity service:<\/p>\n\n\n\n

\n

\u201cTheir DNS records have been modified to redirect to a phishing web-site that drains users wallets.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n

ZachXBT, a crypto-detective, has reported that Galxe is the victim of a theft. After the Galxe website was brought back online, the wallet linked to the exploit by ZachXBT continued to collect funds, and at 17:15 UTC, its balance hovered around $160,000.<\/p>\n\n\n\n

ZachXBT suggested connecting the Galxe exploiter and the September 19 Balancer protocol attacker. This was the second attack against Balancer <\/a>within a month.<\/p>\n\n\n\n

\n

\ud83d\udea8Once you connect to Galxe, you will be prompted for approval.
If you approve by logging in to WEB3 as usual, all assets will be removed.
Please RT and spread the word. pic.twitter.com\/W51Bdd78KU<\/use><\/svg><\/span><\/a><\/p>— ZORBA\u06de (@OHzorba) October 6, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

The second attack on Balancer resulted in $238,000 in damages. The Balancer team described the incident as a social engineering attack by Angel Drainer, a crypto wallet<\/a> drainer on its DNS server. SlowMist, a blockchain security company, suggested that the perpetrator had ties to Russia.<\/p>\n\n\n\n

\n

$148k has already been stolen by the Galxe hacker.

The hacker is using the same smart contract on 10 networks:

0x00008c6dc619b0ea53dd8d02b58bb726afc40000

Please revoke this smart contract ASAP on:

\u274d Ethereum
\u274d Optimism
\u274d Arbitrum
\u274d BNB Chain
\u274d Base
\u274d Polygon
\u274d\u2026 pic.twitter.com\/iUyAenfJPu<\/use><\/svg><\/span><\/a><\/p>— FIP Crypto | Footprint (@fipcrypto) October 6, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

According to a recent report from the security platform Immunefi<\/use><\/svg><\/span><\/a>, Web3 initiatives suffered a significant increase in losses during the third quarter of this year compared to the same period in 2022. <\/p>\n\n\n\n

In the third quarter of 2023, attacks increased from 30% to 76% year-over-year, and losses approached $686 million. September 25 Mixin breach resulted in the period's most significant loss.<\/p>\n","protected":false},"excerpt":{"rendered":"

On October 6, the website of Web3 community platform Galxe was inactive for approximately an hour. Galxe reported on X (Twitter) that its website was down; although it has been restored, the company still warns against using it. Forty minutes later, it posted an update verifying that a security breach had compromised the company’s Domain […]<\/p>\n","protected":false},"author":1,"featured_media":61007,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[9619],"tags":[16669,16668,6795],"class_list":["post-61000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web3-news","tag-dns-attack","tag-galxe-protocol","tag-web3-2"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/10\/image-20.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/61000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=61000"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/61000\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/61007"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=61000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=61000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=61000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}