ChainCatcher news, in the Space hosted by Wu Shuo and Cobo, Shen Yu recalled for the first time the scene of 12,000 ETH being stolen last year: at that time, Eigenlayer was airdropping tokens, and his physical condition was not ideal. He clicked on a wrong link, which had issues. Although there were risk controls for the domain name and DNS resolution, it was just bypassed. The hardware wallet was a blind sign, and he didn't check it carefully. It was likely North Korean hackers, and it couldn't be recovered. But later, it was found that the safe multi-signature issue was even more serious, with almost every transaction being a blind sign.Shen Yu stated that in the face of national power, trained since his teens, penetrating enterprises, and the challenges of human nature, the industry needs to have a clear awareness. When facing such opponents, even a slight relaxation of human nature is not acceptable; very resilient means and methods are needed, and possibly an independent third party may need to join in security management.Regarding expectations for the market this year, Shen Yu mentioned that it might be in the second half of the year, around June to October, after the U.S. national reserve becomes clearer, that the industry market will see a significant influx of new funds. As for the transition between bull and bear markets, it is difficult to judge; the key depends on whether there will be results from the U.S. national reserve this year. If there are no results, the bull market may end, but at this moment, the probability of it passing is still relatively high.

ChainCatcher message, according to the 2024 annual report published by Cloudflare, in terms of DNS traffic data statistics, Binance ranks 6th in the world among financial service providers and 1st among cryptocurrency service providers.

ChainCatcher news, Coingecko co-founder and COO Bobby Ong posted on the X platform that they are currently experiencing a DNS attack, affecting Squarespace domain registration users. Users are advised not to interact with cryptocurrency and to wait for the issue to be resolved.Bobby Ong stated that a few months ago, Google sold its domain business to Squarespace, which enforced domain migration and removed 2FA verification, resulting in vulnerabilities for this batch of domains, some of which have been hijacked.

ChainCatcher message, the cross-chain interoperability protocol Celer Network stated on social media: "Thanks to our round-the-clock domain security monitoring, an attempt to take over the Celer domain was successfully intercepted. All DNS records have been restored. Our ongoing investigation indicates that the attack vector may involve third parties beyond our control. The Celer team will continue to closely monitor the situation and provide updates as more information becomes available."

ChainCatcher message, the cross-chain interoperability protocol Celer Network stated on platform X: "Please do not visit Celer.network and cbridge.Celer.network. We are investigating a potential DNS domain attack that appears to be targeting multiple projects simultaneously. The Celer system and funds are secure."

ChainCatcher news, according to the governance page, the ENSDAO community has initiated a proposal vote for "Upgrading DNSSEC Support," aimed at promoting ENS Labs to deploy a new version of the DNSSEC oracle and DNS registrar.It is reported that this version combines wildcard resolution (ENSIP 10) and CCIP-Read to achieve the "Gasless DNSSEC" feature, allowing the use of DNS domain names within ENS without the need for on-chain transactions.

ChainCatcher news, ENS chief developer nick.eth stated on X that he has submitted a proposal draft to upgrade the DNSSEC functionality of ENS to support the new Gasless DNSSEC.Gasless DNSSEC will allow anyone with a DNS name to enable it in ENS by setting a DNS text record. Setting the correctly formatted text record will immediately configure the name so that it can be resolved in any application that supports ENS.

ChainCatcher news, according to monitoring by PeckShield, the DNS of the mixed algorithm stablecoin protocol Frax Finance's website is suspected to have been hijacked.According to an earlier report today, Frax Finance officials stated that users should not use the frax.finance and frax.com domains until further notice.

ChainCatcher news, according to the Slow Mist blockchain hacking archive statistics, from October 1 to October 7, 2023, a total of 10 security incidents occurred, with an increase in DNS hijacking attacks and Discord hacking incidents. The specific events are as follows:Galxe (2023-10-06): Unauthorized access obtained through DNS hijacking led to the misappropriation of visitor funds, affecting 1,120 users. Loss: approximately $270,000;MCT (2023-10-06): DNS domain hijacking allowed private keys to be uploaded to a fraudulent domain. Preventive measures are recommended. Loss: not specified;Fake CommEx tokens (2023-10-06): A large amount of liquidity was removed in a rug pull, with the deployer extracting approximately $154,000;friend.tech (2023-10-05): Four users faced SIM swap attacks, resulting in significant losses. Loss: approximately $385,000;Stars Arena (2023-10-05): The platform's smart contract had a major security vulnerability, leading to the theft of a large amount of funds. Loss: approximately $3 million;DePay (2023-10-05): The platform faced a flash loan attack, resulting in relatively small theft. Loss: $827;Metropolis World (2023-10-05): The platform's Discord server was hacked. Loss: unspecified;GEMIE (2023-10-02): The Discord server was hacked, leading to phishing links being shared. Users are advised not to interact. Loss: not specified;VendX (2023-10-02): Another instance of a Discord server being hacked. Loss: not specified;Fake EigenLayer tokens (2023-10-01): A fake token exit scam that brought huge profits to the deployer. Loss: approximately $300,000.

ChainCatcher message, the official Web3 credential data network Galxe states that for those who still see phishing websites when accessing Galxe.com, this is due to DNS propagation, which takes time to update the DNS records on users' local servers, and the time varies globally by individual.

According to ChainCatcher news, monitoring by Beosin's Beosin EagleEye security risk monitoring, early warning, and blocking platform shows that Galxe is suspected to have suffered a DNS hijacking attack, resulting in a large amount of user funds being stolen. The currently reported stolen funds involve multiple cryptocurrencies, primarily sent to the address 0x4103baBcFA68E97b4a29fa0b3C94D66afCF6163d, which has collected over $70,000 in virtual currency. Almost all of the funds were eventually converted to ETH and sent to the address 0x1c0e96Ef2A82b573B826B4138DF9c126AA4d1825, while some funds were sent to the address 0x412f10AAd96fD78da6736387e2C84931Ac20313f, and part of the funds entered FixedFloat. The image shows the fund statistics for the address 0x4103baBcFA68E97b4a29fa0b3C94D66afCF6163d.

ChainCatcher message, Galxe stated on social media that its website is offline and will be back online after the correct DNS records propagate globally. If users do not approve any transactions linking their wallets to Galxe after 21:00 Beijing time on October 6, their funds and information are safe.Galxe uses Dynadot's domain registration service. The domain http://Galxe.com was previously compromised, and an unauthorized individual temporarily controlled the Dynadot account. Galxe regained ownership of the domain at 00:00 Beijing time on October 7 and worked with Dynadot to ensure the security of the account. Preliminary assessments indicate that the total amount of lost funds may be around or less than $200,000.It is reported that the team has been in contact with relevant law enforcement authorities and will soon share a complete report and fund recovery plan.

ChainCatcher message, SlowMist's Chief Information Security Officer 23pds stated that the DeFi liquidity protocol Balancer has encountered a BGP or DNS hijacking attack, reminding users to pay attention to fund security.

According to ChainCatcher news, the Ethereum Name Service (ENS) roadmap shows that the current project is working on Gasless DNS Names (a gasless method of using DNS domains in ENS utilizing CCIP-Read), ENSjs Refactor, and research work on improving the development pipeline.In addition, there are plans to explore ways for ENS to interact with the Layer2 ecosystem, Sign-in With Ethereum (SIWE), improve favorites, and a dark mode for the ENS manager. (Source link)