ChainCatcher news, the DEX Ambient on the Scroll chain announced on platform X that it has fully compensated all victims who recently suffered phishing attacks due to domain hijacking, with payments made in ETH, as there is no secure way to send tokens to these addresses. Users are advised to transfer their assets to a new wallet.ChainCatcher previously reported that the DEX protocol Ambient Finance on the Scroll chain stated on platform X that the domain has been hijacked and is currently working with the banning team and the domain registrar to resolve the issue as soon as possible. The contract is completely secure, and funds are safe. However, please do not interact with the Ambient Finance frontend until further notice.

ChainCatcher message, the DEX protocol Ambient Finance on the Scroll chain stated on platform X that the domain has been hijacked and is currently working with the ban team and the domain registrar to resolve the issue as soon as possible. The contract is completely safe, and funds are secure. However, please do not interact with the Ambient Finance frontend until further notice.

ChainCatcher news, DeFi yield market Pendle has released an analysis of the domain hijacking incident, stating that the website building platform Squarespace purchased all domain registrations and customer accounts from Google Domains in June 2023, leading to domain migration. Recently, attackers exploited a vulnerability in Squarespace to hijack domains hosted on its platform, including Pendle's domain. According to ICANN's policy, these domains will be unable to be transferred from Squarespace to other registrars in about 20 days.Forty minutes after the domain hijacking occurred, the Pendle development team successfully regained full control of the domain and took all necessary measures to ensure normal operations were restored. The Pendle protocol and smart contracts were unaffected, and funds are secure.

ChainCatcher news, according to the Slow Mist blockchain hacking archive statistics, from October 1 to October 7, 2023, a total of 10 security incidents occurred, with an increase in DNS hijacking attacks and Discord hacking incidents. The specific events are as follows:Galxe (2023-10-06): Unauthorized access obtained through DNS hijacking led to the misappropriation of visitor funds, affecting 1,120 users. Loss: approximately $270,000;MCT (2023-10-06): DNS domain hijacking allowed private keys to be uploaded to a fraudulent domain. Preventive measures are recommended. Loss: not specified;Fake CommEx tokens (2023-10-06): A large amount of liquidity was removed in a rug pull, with the deployer extracting approximately $154,000;friend.tech (2023-10-05): Four users faced SIM swap attacks, resulting in significant losses. Loss: approximately $385,000;Stars Arena (2023-10-05): The platform's smart contract had a major security vulnerability, leading to the theft of a large amount of funds. Loss: approximately $3 million;DePay (2023-10-05): The platform faced a flash loan attack, resulting in relatively small theft. Loss: $827;Metropolis World (2023-10-05): The platform's Discord server was hacked. Loss: unspecified;GEMIE (2023-10-02): The Discord server was hacked, leading to phishing links being shared. Users are advised not to interact. Loss: not specified;VendX (2023-10-02): Another instance of a Discord server being hacked. Loss: not specified;Fake EigenLayer tokens (2023-10-01): A fake token exit scam that brought huge profits to the deployer. Loss: approximately $300,000.

According to ChainCatcher news, monitoring by Beosin's Beosin EagleEye security risk monitoring, early warning, and blocking platform shows that Galxe is suspected to have suffered a DNS hijacking attack, resulting in a large amount of user funds being stolen. The currently reported stolen funds involve multiple cryptocurrencies, primarily sent to the address 0x4103baBcFA68E97b4a29fa0b3C94D66afCF6163d, which has collected over $70,000 in virtual currency. Almost all of the funds were eventually converted to ETH and sent to the address 0x1c0e96Ef2A82b573B826B4138DF9c126AA4d1825, while some funds were sent to the address 0x412f10AAd96fD78da6736387e2C84931Ac20313f, and part of the funds entered FixedFloat. The image shows the fund statistics for the address 0x4103baBcFA68E97b4a29fa0b3C94D66afCF6163d.

ChainCatcher news, according to SlowMist Intelligence, balancer.fi is currently under a BGPHijacking attack. Accessing the website and linking a wallet may result in a phishing attack. According to CloudFlare's BGP Origin Hijack-17957, the ASN victim list includes AS13335, which is associated with balancer.fi. Currently, accessing the website will trigger a phishing security warning from CloudFlare.Here is the analysis of this incident by the SlowMist security team:Query the DNS resolution records of the domain balancer.fi (https://bgp.tools/dns/balancer.fi). The A records show addresses 104.21.37.47 and 172.67.203.244. The BGP AS region number for these two IP addresses is AS13335, which belongs to CloudFlare.According to CloudFlare's records (https://radar.cloudflare.com/routing/anomalies/hijack-17957), AS13335 is on the list of ASs involved in the BGP Origin Hijack attack.It was found that the HTTPS certificate for balancer.fi has been replaced with the attacker's certificate.Currently, accessing https://app.balancer.fi will trigger a phishing security warning from CloudFlare.Analysis shows that there is malicious JavaScript code on the frontend of app.balancer.fi (https://app.balancer.fi/js/overchunk.js).Users connecting their wallets to app.balancer.fi will have their balances automatically checked by the malicious script, leading to phishing attacks.After analysis by MistTrack, the malicious addresses are as follows:0x00006DEAcd9ad19dB3d81F8410EA2B45eA5700000x645710Af050E26bB96e295bdfB75B4a878088d7E0x0000626d6DC72989e3809920C67D01a7fe030000The SlowMist security team reminds users that the BGP attack against balancer is still ongoing, and they should temporarily stop accessing the balancer website to avoid being attacked.

ChainCatcher message, SlowMist's Chief Information Security Officer 23pds stated that the DeFi liquidity protocol Balancer has encountered a BGP or DNS hijacking attack, reminding users to pay attention to fund security.

ChainCatcher news, according to a report by Sonic Wall, cryptojacking attacks have increased by 399% globally in the past 12 months. Cybercriminals are increasingly remotely attacking servers and devices, forcing them to mine cryptocurrency without the owners' knowledge.Spencer Starkey, Vice President of Sonic Wall EMEA, stated that as more organizations refuse to pay ransoms, this practice has become a new tactic for hackers.Data indicates that due to increased law enforcement activity and severe sanctions, cybercriminals are also turning to this more decentralized method. Digital attacks targeting businesses, governments, and global citizens are intensifying, and the range of threats is continually expanding.

According to Chain Catcher news, as disclosed by the security website Bleeping Computer, the hacker group TeamTNT is attempting to crack Bitcoin. They have hijacked a large number of servers as resources for cracking Bitcoin as "cryptocurrency solvers" and are trying to break the keys and signatures of the secp256k1 elliptic curve.It is reported that TeamTNT announced its exit in November 2021, but nearly a year later, the group has re-emerged. Researchers have observed that they used three types of attacks in their latest attacks, such as using Pollard's Kangaroo WIF solver "kangaroo attack," "Cronb attack," and "What Will Be" attack. Security personnel recommend that relevant organizations need to enhance their cloud security, strengthen Docker configurations, and complete all available security updates as much as possible. (Source link)