header banner
Default

The Galxe platform is attacked via DNS; losses exceed $150,000


Table of Contents

    The Web3 platform’s website has been restored, but the company still warns against using it. The hack may be linked to September’s attack on Balancer.

    14094 Total views

    81 Total shares

    Galxe platform experiences DNS attack, losses top $150K

    The website of Web3 community platform Galxe was offline for about an hour on Oct. 6. Galxe reported on X (formerly Twitter) that its website was down at 14:44 UTC, confirming 40 minutes later that it had experienced a security breach affecting its Domain Name System (DNS) record. It warned against visiting the domain until the situation was remedied. 

    At the time of writing, Galxe had not confirmed that its website was safe to use again. After the website was restored, some X posters were reporting that it was blocked by Google.

    Dear Galxe Community,

    We recognize the impact that recent events have had upon our users and are quickly working to take remedial action. The Galxe security team continues to take an aggressive approach to protect your data, funds and digital assets.

    Steps You Should Take:
    ❗️Do…

    — Galxe (@Galxe) October 6, 2023

    One Web3 cybersecurity service explained:

    “Their DNS records have been modified to redirect to a phishing web-site that drains users wallets.”

    Crypto detective ZachXBT reported that funds were being stolen from Galxe. The wallet ZachXBT linked to the exploit continued to gather funds after the Galxe website came back online, hovering around $160,000 at 17:15 UTC, according to DeBank.

    ZachXBT suggested a link between the Galxe exploiter and the party that attacked the Balancer protocol on Sept. 19. That was the second attack on Balancer in the span of a month.

    Once you connect to Galxe, you will be prompted for approval.
    If you approve by logging in to WEB3 as usual, all assets will be removed.
    Please RT and spread the word. pic.twitter.com/W51Bdd78KU

    — ZORBA۞ (@OHzorba) October 6, 2023

    The second attack on Balancer led to losses of $238,000. The Balancer team called the incident a social engineering attack on its DNS server carried out by a crypto wallet drainer called Angel Drainer. Blockchain security firm SlowMist suggested that the attacker was associated with Russia.

    $148k has already been stolen by the Galxe hacker.

    The hacker is using the same smart contract on 10 networks:

    0x0000d38a234679F88dd6343d34E26DCB50C30000

    Please revoke this smart contract ASAP on:

    ❍ Ethereum
    ❍ Optimism
    ❍ Arbitrum
    ❍ BNB Chain
    ❍ Base
    ❍ Polygon
    ❍… pic.twitter.com/I9SN3FfPYF

    — FIP Crypto (@FIP_Crypto) October 6, 2023

    Losses to Web3 projects increased dramatically in the third quarter of this year, as compared with Q3 2022, according to a recent report from security platform Immunefi. Attacks rose from 30% to 76% year-on-year, and losses reached close to $686 million in Q3 2023. The biggest loss in that period was from the Mixin hack on Sept. 25. 

    At 21:25 UTC, a spokesperson for Galxe contacted Cointelegraph to provide a statement that she said would later be posted on X. The statement read, “The Galxe website is offline. We will bring it back online once the correct DNS records are propagated globally. Your funds and information are safe as long as no approval of any transaction on Galxe has been made in the past 8 hrs. […] We took back the domain ownership at 9am PST, October 6th, and enhanced the security protection of the account with [domain registrar service] Dynadot. […] In our efforts to address this situation, we have engaged with the appropriate law enforcement authorities. 

    Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story

    Update on Oct. 6, 21:45 UTC: This article has been updated to include a statement provided by Galxe.

    Sources


    Article information

    Author: Nathan Cook

    Last Updated: 1700167322

    Views: 1536

    Rating: 4.3 / 5 (69 voted)

    Reviews: 92% of readers found this page helpful

    Author information

    Name: Nathan Cook

    Birthday: 1998-12-31

    Address: 35126 Lisa Rest Suite 888, Mcculloughmouth, KY 72071

    Phone: +4624044035251729

    Job: Cryptocurrency Analyst

    Hobby: Dancing, Skiing, Chess, Sailing, Playing Piano, Arduino, Poker

    Introduction: My name is Nathan Cook, I am a strong-willed, intrepid, steadfast, brilliant, Adventurous, Colorful, skilled person who loves writing and wants to share my knowledge and understanding with you.