A Domain Name System (DNS) attack on March 15 brought a number of DeFi platforms to a standstill. One of the victims has published a postmortem detailing exactly what happened.
On March 15, several decentralized finance protocols on the Binance Smart Chain reported that they had suffered a DNS attack. This caused their websites to become inaccessible for some time.
On March 18, Cream Finance confirmed in a postmortem report that all funds were safe. It also explained that there were no issues with smart contracts. It regained control over its DNS through the support of the community and partners.
Cream Blames GoDaddy
The DeFi protocol stated that its GoDaddy account (where the domain name is registered) was compromised. This resulted in the redirection of its domain name to a malicious phishing website. It managed to reclaim control over its domain name within a few hours.
The GoDaddy domain records were changed following the hack of Cream’s account. Cream began a migration process through the security firm Cloudflare. It also reached out to industry analytics platforms like CoinMarketCap and CoinGecko to update the website link and issue a warning.
Once it regained control, the platform deployed a decentralized frontend on IPFS (InterPlanetary File System). This ensured that it would have full control and would not have to rely on a centralized company.
“And unlike GoDaddy, we have full control of ENS record, which will prevent attacks like this in the future.”
Cream revealed that it uses Google Single Sign-On (SSO) to access the account, so no username or password is needed, and that the Google account was never compromised.
GoDaddy’s activity log noted a suspicious password reset request sent to the attacker’s email address. However, there was no record of the email address change. Additionally, errors occurred when trying to access the domain name registrar’s activity logs, raising further questions.
Another DeFi protocol based on BSC, PancakeSwap, also reported a similar DNS attack. It too used GoDaddy for domain name registration. The same malicious actor managed to exploit the company in some way to access its domain name records.
It’s clear that DeFi has a long way to go. Platforms still rely heavily on highly centralized corporations such as GoDaddy, Google, and Amazon for much of their operation.
Until there is a truly decentralized web, protocols operating in the fledgling financial industry will always be at the whim of the world’s domineering tech giants.