Web3 community platform Galxe's website was offline for about an hour on October 6. Galxe reported on X (formerly Twitter) that its website was down at 14:44 UTC, and 40 minutes later confirmed that it had experienced a security vulnerability affecting its Domain Name System (DNS) records. It warned not to access the domain until the situation is corrected.
At the time of writing, Galxe has not confirmed that its website is safe to use again. After the site was restored, some X posters reported that it was blocked by Google.
Dear Galxe Community, We recognize the impact of recent events on our users and are working quickly to remediate them. The Galxe security team continues to take a proactive approach to protecting your data, funds, and digital assets. Steps you should take: ❗️ Do . . .
— Galxe (@Galxe) October 6, 2023
One Web3 network security service explained:
“Their DNS records had been modified to redirect to a phishing site that drained users’ wallets.
Crypto sleuth ZachXBT reported that funds from Galxe were stolen. After the Galxe website came back online, the wallet associated with the breach, ZachXBT, continued to collect funds, hovering around $160,000 at 17:15 UTC.
ZachXBT suggested a connection between the Galxe exploiter and a party that attacked the Balancer protocol on September 19. This was the second attack on Balancer within a month.
Once connected to Galxe you will be prompted for approval. If you log into WEB3 to approve as usual all assets will be deleted. Please RT and spread the word. pic.twitter.com/W51Bdd78KU
— Zorba (@OHzorba) October 6, 2023
The second attack on Balancer resulted in a loss of $238,000. The Balancer team said the incident was a social engineering attack on its DNS server by a crypto wallet drainer named Angel Drainer. Blockchain security company SlowMist said the attacker was linked to Russia.
$148,000 has been stolen by the Galxe hacker. The hacker used the same smart contract on 10 networks: 0x0000d38a234679F88dd6343d34E26DCB50C30000 Please revoke this smart contract ASAP: ❍ Ethereum ❍ Optimism ❍ Arbitrage ❍ BNB Chain ❍ Dock ❍ Polygon ❍… pic.twitter.com/I9SN3FfPYF
— FIP Crypto (@FIP_Crypto) October 6, 2023
According to a recent report from security platform Immunefi, losses to Web3 projects increased dramatically in the third quarter of this year compared to the third quarter of 2022. Attacks rose year-on-year from 30% to 76%, with losses approaching $686 million in the third quarter of 2023. The largest loss during that time was the Mixin hack on September 25.
Magazine: $3.4B in Bitcoin in a Popcorn Jar: The Story of the Silk Road Hacker
Author: Deepchain DCNews
Compiled by: Sister Shen
Twitter: DeepChain
Twitter:https://twitter.com/DeepChainUS
