The post dYdX Domain Faces Repeated DNS Hijacking Incidents appeared on BitcoinEthereumNews.com.

Rongchai Wang Jul 26, 2024 03:41 dYdX’s domain suffered multiple DNS hijacking attacks due to vulnerabilities in Squarespace’s OAuth and account recovery protocols, highlighting broader security concerns. dYdX, a prominent decentralized trading platform, recently faced multiple DNS hijacking incidents impacting its domain dydx.exchange. These attacks have raised significant concerns about the security protocols of domain registrars and the broader implications for the crypto industry. Background In 2023, Squarespace acquired the rights to all domains from the now-defunct Google Domains, migrating them over several months. The dydx.exchange domain was transferred on June 15, 2024. However, on July 9, attackers managed to gain access to this domain, changing its DNS Nameservers from Cloudflare to DDoS-Guard. The attack was mitigated by DNSSEC settings, which blocked unauthorized access. OAuth Weakness Exploited Following the initial incident, dYdX worked with Squarespace to restore access and rotated all security credentials. Despite these measures, similar attacks were reported on other crypto-specific domains migrated from Google Domains to Squarespace. SEAL, a crypto security team, initiated an investigation, revealing potential technical vulnerabilities within Squarespace. On July 18, Squarespace confirmed an exploited security issue with OAuth logins, which was fixed by July 12. Despite this, dYdX decided to change domain registrars, though they believed Squarespace had addressed the vulnerability. Account-Recovery Attack On July 23, the dydx.exchange domain was compromised again. Attackers changed the DNS Nameservers and removed DNSSEC settings, hosting a malicious site to steal funds from connected wallets. dYdX collaborated with SEAL and wallet providers like Metamask and Phantom to block the malicious site. Approximately $31,000 was lost by two users during this period. Upon recovery, it was discovered that the attacker had used a social-engineering attack to reset the domain admin email to their own, bypassing 2FA due to Squarespace’s account-recovery process. Squarespace customer service had reset the account…

---

Filed under: News - @ July 27, 2024 4:20 pm