skip to Main Content
bitcoin
Bitcoin (BTC) $ 76,080.38 1.56%
vested-xor
Vested XOR (VXOR) $ 3,405.08 99,999.99%
ethereum
Ethereum (ETH) $ 2,849.73 6.82%
tether
Tether (USDT) $ 1.00 0.03%
solana
Solana (SOL) $ 195.30 4.58%
bnb
BNB (BNB) $ 599.56 2.32%
usd-coin
USDC (USDC) $ 0.999913 0.09%
xrp
XRP (XRP) $ 0.552466 3.28%
dogecoin
Dogecoin (DOGE) $ 0.192955 0.78%
staked-ether
Lido Staked Ether (STETH) $ 2,849.46 6.84%

Convex Finance Launches Two URLs After Spoofing Exploit

The Domain Name Server (DNS) of the decentralized staking platform, Convex Finance, was targeted in the latest spoofing exploit.

  • Angel investor Alexintosh first flagged that Convex Finance was asking for user approval to an unverified smart contract address on July 23rd.
  • This suggested that a malicious entity may have sneaked into Convex Finance’s website to carry out a DNS spoofing attack.
  • Following the incident, the staking platform confirmed the hijack of its DNS that led users to unassumingly approve malicious contracts for some interactions on the website.
  • Convex then announced setting up two alternative domain names and asked users to use these URLs to interact with the site while they conduct the investigation.
  • The platform marked five wallets affected by the exploit. The team, however, revealed that funds on verified contracts were not affected.
  • The exploiter sent the stolen funds to a “Convex Phisher Deposits” flagged wallet flagged that shows a small amount of crypto from the affected users before moving most of it to the coin mixer, Tornado Cash, to hide the tracks.
  • Convex Finance said that it will publish a detailed post-mortem report soon.
  • Furthermore, a crypto tracking and compliance platform MistTrack revealed that Ribbon Finance, a decentralized structured products protocol, also suffered a DNS hijacking attack, wherein a victim reportedly lost 16.5 WBTC. On-chain analysis suggests that it was the same attacker as Convex.
Loading data ...
Comparison
View chart compare
View table compare
Back To Top