In a recent turn of events, the Web3 community platform Galxe found itself at the center of a security breach that raised serious concerns about the safety of decentralized internet applications. On October 6th, Galxe’s website went offline for approximately an hour, signaling a security issue that has since triggered a series of investigations and discussions within the Web3 community.
The Breach
Galxe promptly took to social media, specifically X (formerly Twitter), to acknowledge the incident. At 14:44 UTC, they confirmed that their website was down due to a breach affecting their Domain Name System (DNS) record. Galxe urged users not to visit the domain until the issue was resolved.
While the platform’s website was eventually restored, it didn’t take long for users to notice that Google was blocking access to it. The reason behind Google’s action soon became clear: Galxe’s DNS records had been tampered with, redirecting unsuspecting users to a phishing website designed to siphon off their cryptocurrency wallets.
Crypto Detective Work
Crypto detective ZachXBT played a crucial role in shedding light on the extent of the breach. He reported that funds were being stolen from Galxe, and what’s more concerning, the wallet linked to the exploit continued to collect funds even after Galxe’s website had been brought back online. As of 17:15 UTC, this wallet held around $160,000 worth of cryptocurrency, according to DeBank.
What makes this situation even more intriguing is the suggestion made by ZachXBT regarding a potential connection between the Galxe breach and a previous attack on the Balancer protocol that occurred on September 19th. The Balancer protocol suffered its own security incident, resulting in losses totaling $238,000. This incident was labeled as a social engineering attack on Balancer’s DNS server, carried out by a crypto wallet drainer known as Angel Drainer. Interestingly, blockchain security firm SlowMist indicated that the attacker might have ties to Russia.
Web3 Security Landscape
These recent incidents are part of a broader trend affecting Web3 projects, with losses significantly increasing in the third quarter of 2023 when compared to the same period in 2022. According to a report from security platform Immunefi, attacks on Web3 projects rose from 30% to a staggering 76% year-on-year, leading to losses totaling nearly $686 million in Q3 2023. Notably, the most significant loss during this period stemmed from the Mixin hack on September 25th.
Galxe’s Response
At 21:25 UTC, a Galxe spokesperson reached out to Cointelegraph with a statement. They emphasized that the Galxe website would remain offline until the correct DNS records were globally propagated. Importantly, they assured users that their funds and information remained secure, provided that no transactions had been approved on Galxe in the past 8 hours.
Galxe also took proactive steps to enhance the security of its account by partnering with the domain registrar service Dynadot. Additionally, the platform has engaged with law enforcement authorities in an effort to address the situation comprehensively.
In conclusion, the Galxe security breach serves as a stark reminder of the vulnerabilities that exist within the Web3 ecosystem. It underscores the importance of robust security measures, prompt responses to incidents, and ongoing collaboration among Web3 stakeholders to ensure the safety and trustworthiness of decentralized internet applications. As the Web3 landscape continues to evolve, vigilance against threats and continuous improvement of security practices will remain paramount.
Source: https://cointelegraph.com/news/galxe-protocol-experiences-dns-attack-october-6
Join the Discussion