Celer Network cBridge Shut Down Due to Suspected DNS Hijacking
"Interoperability protocol Celer Network has asked its users to revoke the approval for several contracts after shutting down its cBridge over a suspected Domain Name System (DNS) hijacking. According to the project’s initial analysis, there was suspicious DNS activity around 7:00 pm UTC on Wednesday [...]" [Reguerra, E. Celer Network shuts down bridge over potential DNS hijacking. (Accessed August 19, 2022)].
" The platform believes that the exploit is designed to lure users into interacting with some compromised smart contracts and drain users' crypto assets in the process" [Abarikwu, A. Celer Network Shuts Down Multi-chain Bridge Over DNS Exploit. (Accessed August 19, 2022)].
.png)
"Meanwhile, as the platform continues to pinpoint the problem, the team has shut down the cBridge as an initial way to avoid further mishaps and protect users. The platform also advised its users to revoke token approvals for smart contracts on Ethereum, Polygon, Avalanche, BNB Smart Chain, Arbitrum, Astar and Aurora." [Reguerra, supra]. The specific smart contracts for approval revocation are:
- Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8
- BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF
- Polygon: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9
- Avalanche: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
- Arbitrum: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
- Astar: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
- Aurora: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9
[Abarikwu, supra].
"Users can go to the token approval page for each network if they want to revoke the approvals as a precautionary measure while the platform continues to examine the issue and come up with a solution" [Reguerra, supra].
"Celer also issued a reminder which said, 'DNS poisoning can happen to any DeFi app frontend regardless of the protocol’s own security and we strongly suggest the entire blockchain community to turn on Secure DNS option in your web browser to reduce such possibility to get affected.' The company suggested that 'due to low adoption of DNSSEC, we additionally suggest when you are interacting with any DeFi frontend, always verify the contract addresses.” [MetaCrunch. Celer Network Suspects DNS Hijacking, Shuts Its cBridge. (Accessed August 19, 2022)].
In early January, 2022,
Vitalik Buterin, the co-founder of Ethereum (ETH), outlined critical security concerns surrounding cross-chain bridges in the blockchain ecosystem. As told by Buterin, storing native assets directly-chain (Ethereum on Ethereum, Solana on Solana, etc.) provides a certain degree of immunity against 51% attacks [...] However, Buterin continued, that the same level of security does not apply to cross-chain bridges. In the example he raised, if an attacker deposited their own ETH onto a Solana (SOL) bridge to obtain Solana-wrapped Ether (WETH) and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it, it would incur devastating losses on other users whose tokens are locked in the SOL-WETH contract, as the wrapped tokens are no longer backed by the original on a 1:1 ratio. Buterin further outlined how the security exploit could scale negatively as more bridges are added into a cross-chain network. In a theoretical network comprising 100 chains, the high level of interdepency and overlapping derivatives would mean that a 51% attack on one chain, especially a small-cap one, can cause a system-wide contagion.
[Sun, Z. Vitalik Buterin gives thumbs down to cross-chain applications. (Accessed August 19, 2022)].
"Bridge exploits have also increased in frequency in the cryptocurrency industry, costing $2 billion in losses in 2022 alone. Research by blockchain analytics company Chainalysis revealed that Cross-chain bridge attacks have amassed over 69% of the cryptocurrency that was stolen this year, with Q1 leading due to the March Ronin Bridge hack. The majority of the funds lost due to the recent Curve Finance exploit were recovered by cryptocurrency exchange Binance earlier in August. In addition to this, ethical hackers have given the Nomad bridge hack victims back almost $32 million in digital assets. This shows that despite the rising hacking cases there are still good people in the Crypto space" (emphasis added) [Muriuki, L. Celer Network suffered potential DNS new hijacking of cBridge frontend].
Posted Using LeoFinance Beta