Friday, December 2, 2022
 

Multi-Chain Bridge on Celer Network Shut Down Due to DNS Attack

  • There have been reports of a possible DNS hijacking of the cBridge frontend, according to Celer Network.
  • For the time being, Celer Network recommends that users refrain from using cBridge for cross-chain assets.
  • The issue that has caused the cBridge user interface to go offline is being looked into at this time.

Celer Network has reported a possible DNS hijacking of the cBridge frontend. The platform is conducting an investigation and advising users to refrain from using it until further notice.

Reports of a possible DNS hijacking of cBridge frontend were received by the Celer Network Layer 2 Scalability Platform (CELR) late on August 17.

At present, Celer is being investigated, and a warning has been issued to users about these contracts, which are linked to a possible UI hack that would cause users to be redirected to the malicious smart contracts that can drain all approved token amount.

Initial reports indicate that hackers were able to begin their attack around August 17 at 7:00 PM +UTC. For the time being, Celer Network recommends that users refrain from using cBridge for cross-chain assets. The problem that has caused the cBridge user interface to go offline is being looked into at this time.

As a precautionary measure for users, while the platform conducts its investigations, the cBridge frontend user interface has been disabled temporarily.

Furthermore, Celer has notified its community that they should revoke token authorization for the following smart contracts:

  • Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8
  • BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF
  • Polygon: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9
  • Avalanche: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
  • Arbitrum: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
  • Astar: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
  • Aurora: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9

To revoke approvals for a token, a user must go to the blockchain explorer for that network and find the page for token approval. Users on BNB Chain have access to the BSC News guide, with similar functionality available on other networks.

cBridge and similar cross-chain bridges appear to be fairly popular, possibly due to their practicality. Some have voiced worries about their potential security flaws, including Ethereum’s founder, Vitalik Buterin, who publicly called them out in a tweet earlier this year:

The full scope of the DNS attack is now being investigated by Celer Network.

  • There have been reports of a possible DNS hijacking of the cBridge frontend, according to Celer Network.
  • For the time being, Celer Network recommends that users refrain from using cBridge for cross-chain assets.
  • The issue that has caused the cBridge user interface to go offline is being looked into at this time.

Celer Network has reported a possible DNS hijacking of the cBridge frontend. The platform is conducting an investigation and advising users to refrain from using it until further notice.

Reports of a possible DNS hijacking of cBridge frontend were received by the Celer Network Layer 2 Scalability Platform (CELR) late on August 17.

At present, Celer is being investigated, and a warning has been issued to users about these contracts, which are linked to a possible UI hack that would cause users to be redirected to the malicious smart contracts that can drain all approved token amount.

Initial reports indicate that hackers were able to begin their attack around August 17 at 7:00 PM +UTC. For the time being, Celer Network recommends that users refrain from using cBridge for cross-chain assets. The problem that has caused the cBridge user interface to go offline is being looked into at this time.

As a precautionary measure for users, while the platform conducts its investigations, the cBridge frontend user interface has been disabled temporarily.

Furthermore, Celer has notified its community that they should revoke token authorization for the following smart contracts:

  • Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8
  • BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF
  • Polygon: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9
  • Avalanche: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
  • Arbitrum: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
  • Astar: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
  • Aurora: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9

To revoke approvals for a token, a user must go to the blockchain explorer for that network and find the page for token approval. Users on BNB Chain have access to the BSC News guide, with similar functionality available on other networks.

cBridge and similar cross-chain bridges appear to be fairly popular, possibly due to their practicality. Some have voiced worries about their potential security flaws, including Ethereum’s founder, Vitalik Buterin, who publicly called them out in a tweet earlier this year:

The full scope of the DNS attack is now being investigated by Celer Network.

 

Latest news