- There have been reports of a possible DNS hijacking of the cBridge frontend, according to Celer Network.
- For the time being, Celer Network recommends that users refrain from using cBridge for cross-chain assets.
- The issue that has caused the cBridge user interface to go offline is being looked into at this time.
Celer Network has reported a possible DNS hijacking of the cBridge frontend. The platform is conducting an investigation and advising users to refrain from using it until further notice.
📢(1/n)A DNS cache poisoning attack on cBridge’s frontend UI appprox. during 08/17 07:45pm to 10:00 pm UTC caused some users to be redirected to malicious smart contracts that can drain all approved token amount. FIRST, PLEASE check&revoke any approval to the followings:
— CelerNetwork (@CelerNetwork) August 18, 2022
Reports of a possible DNS hijacking of cBridge frontend were received by the Celer Network Layer 2 Scalability Platform (CELR) late on August 17.
At present, Celer is being investigated, and a warning has been issued to users about these contracts, which are linked to a possible UI hack that would cause users to be redirected to the malicious smart contracts that can drain all approved token amount.
Initial reports indicate that hackers were able to begin their attack around August 17 at 7:00 PM +UTC. For the time being, Celer Network recommends that users refrain from using cBridge for cross-chain assets. The problem that has caused the cBridge user interface to go offline is being looked into at this time.
As a precautionary measure for users, while the platform conducts its investigations, the cBridge frontend user interface has been disabled temporarily.
Furthermore, Celer has notified its community that they should revoke token authorization for the following smart contracts:
- Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8
- BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF
- Polygon: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9
- Avalanche: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
- Arbitrum: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
- Astar: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
- Aurora: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9
To revoke approvals for a token, a user must go to the blockchain explorer for that network and find the page for token approval. Users on BNB Chain have access to the BSC News guide, with similar functionality available on other networks.
cBridge and similar cross-chain bridges appear to be fairly popular, possibly due to their practicality. Some have voiced worries about their potential security flaws, including Ethereum’s founder, Vitalik Buterin, who publicly called them out in a tweet earlier this year:
My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple “zones of sovereignty”. From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b
— vitalik.eth (@VitalikButerin) January 7, 2022
The full scope of the DNS attack is now being investigated by Celer Network.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
