Key takeaways:
- The Web3 community platform Galxe’s website was down for nearly an hour. Galxe posted on X that its website was offline. Galxe confirmed that a security breach affecting its DNS record had occurred.
- As of the most recent update, Galxe has successfully recovered.
On October 6, the Web3 community platform Galxe’s website was down for nearly an hour. At 14:44 UTC, Galxe posted on X (previously Twitter) that its website was offline.
Forty minutes later, it confirmed that a security breach affecting its Domain Name System (DNS) record had occurred. It warned users not to access the domain until the problem was fixed.
Some X users claimed that Google had disabled the website after it was restored. According to one Web3 cybersecurity service:
“Their DNS records have been modified to redirect to a phishing website that drains users’ wallets.”
Further examination found that the DNS records had been altered to send users to a phishing website intended to steal money from their wallets.
ZachXBT, a crypto investigator, said funds were being taken from Galxe. Following the restoration of the Galxe website, the wallet ZachXBT associated with the exploit continued to amass cash and was, according to DeBank, hovering around $160,000 at 17:15 UTC.
ZachXBT proposed a connection between the Galxe exploiter and the group responsible for the September 19 attack on the Balancer protocol. In the past month, Balancer has experienced a second attack. $238,000 was lost as a result of the second attack on Balancer.
The Balancer team described the event as a social engineering attack on their DNS server carried out by a cryptocurrency wallet drainer known as Angel Drainer. The attacker may have been connected to Russia, according to blockchain security startup SlowMist.
Unfortunately, this occurrence is just the latest in a long line of setbacks that have plagued the Web3 ecosystem in this year’s third quarter.
According to new research from security platform Immunefi, losses to Web3 projects significantly rose in the third quarter of this year compared to the third quarter of 2022. Attacks increased from 30% to 76% year over year, and losses in Q3 2023 came close to $686 million. The Mixin hack on September 25 caused the highest loss during that time.
A Galxe representative responded to the hack by assuring users that their money and personal information would be safe so long as no transactions had been approved on Galxe in the previous eight hours. In addition, they collaborated with law enforcement to address the issue and took steps to strengthen the security of their domain ownership using Dynadot.
As of the most recent update, Galxe has successfully recovered. The website is fully functional, and Galxe also stated that it is actively striving to strengthen its security protocols to thwart future attacks. Galxe mentioned that it values the compassion and assistance that have been shown to it through this trying time and is still dedicated to upholding the safety and trust of its users and clients.