Celer Network shuts down bridge over potential DNS hijacking

Published at: Aug. 18, 2022

Interoperability protocol Celer Network (CELR) has asked its users to revoke the approval for several contracts after shutting down its cBridge over a suspected DNS hijacking. 

According to the project's initial analysis, there was some suspicious DNS activity at around 7 PM (UTC) on Aug. 17. However, the platform is still trying to investigate and know more about the issue at the time of writing.

Meanwhile, as the platform continues to pinpoint the problem, the team has shut down the cBridge as an initial way to avoid any more mishaps and protect their users. In addition to shutting down the bridge, the platform also warned its users and advised them to revoke token approvals for smart contracts in Ethereum (ETH), Polygon (MATIC), Avalanche (AVAX), Binance Smart Chain, Arbitrum, Astar and Aurora.

If you recently used cBridge, please make sure to check and revoke any token approval for the following contracts:Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF(cont' in next thread) https://t.co/HJbCxq4RqN

— CelerNetwork (@CelerNetwork) August 17, 2022

Users can go to the token approval page for each network if they want to revoke the approvals as a precautionary measure while the platform continues to examine the issue and come up with a solution.

In January, Ethereum co-founder Vitalik Buterin expressed his disapproval of cross-chain bridges because of their fundamental security limitations. According to Buterin, while the future will be multi-chain, it may not be cross-chain.

Related: Cross-chains in the crosshairs: Hacks call for better defense mechanisms

Meanwhile, bridge exploits have become more prevalent in the crypto space, resulting in $2 billion in losses in 2022 alone. According to a report by blockchain analytics firm Chainalysis, cross-chain bridge exploits have accumulated around 69% of all the crypto that was lost to theft in the year, with Q1 leading because of the Ronin Bridge hack in March.

Despite the hacks, there are still good samaritans in the crypto space. Earlier in August, crypto exchange Binance recovered a majority of funds that were drained from the recent Curve Finance exploit. Apart from this, white hat hackers have also returned around $32 million worth of digital assets to the victims of the Nomad bridge hack.

Tags
Dns
Related Posts
Cross-chains in the crosshairs: Hacks call for better defense mechanisms
2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year. The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to private keys of some 8000 wallets that resulted in $5 million …
Blockchain / Aug. 11, 2022
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
Finance Redefined: Alchemy raises $200M, Bunny goes DAO, Feb. 4–11
Welcome to the latest edition of Cointelegraph’s decentralized finance newsletter. As the DeFi space continues its technical resurgence, essential news on funding, innovation and DAOs continues to drive adoption in what remains a nascent industry. For the full version of this newsletter including longer, more descriptive analysis of the top stories this week, subscribe below: Alchemy raises $200M in latest funding, ACH token soars 77% Web3 platform Alchemy announced the launch of a $200-million Series C funding round this week, giving the company a decacorn status and a valuation of $10.2 billion. The seven-investor round was led by two California-based …
Decentralization / Feb. 12, 2022
STEPN impersonators stealing users' seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …
Adoption / April 25, 2022
Another depeg — Acala trace report reveals 3B aUSD erroneously minted
High-profile security incidents continue to be a theme in 2022 as the Acala Network joined a long list of stricken platforms to fall prey to exploits. Acala’s aUSD token, which acts as the native stablecoin for the Polkadot and Kusama blockchains, saw its value plummet 99% after a misconfiguration of the iBTC/aUSD liquidity pool was exploited after its launch on Aug. 14. Initial estimates from Acala noted that 1.2 billion aUSD were minted without the necessary collateral - seeing the token’s value depeg from its 1:1 USD ratio to a bottom of $.01. Acala put its network in maintenance mode …
Blockchain / Aug. 17, 2022