Multiple DeFi Protocols Resume Operations Following GoDaddy Exploit

2 mins
16 May 2022, 12:30 GMT+0000
Updated by Geraint Price
16 May 2022, 14:47 GMT+0000
In Brief
  • Attackers used an exploit in a hosting service to attack several DeFi protocols.
  • Most of these protocols have fixed the vulnerability and are now returning to normalcy.
  • Another attack took place on CoinGecko and Etherscan via a malicious ad script through Coinzilla.
  • promo

A GoDaddy exploit saw attackers hack multiple DeFi protocols, which have only just come back to regular functionality. In a separate incident, attackers used a malicious advertisement script through Coinzilla to attack CoinGecko and Etherscan.

Several cryptocurrency platforms are resuming functionality following a hack that took place via a GoDaddy exploit late last week. The platforms affected include SpiritSwap, QuickSwap, and Dextools.

The attacker used a phishing attack in an attempt to steal funds. Some platforms have reported thefts, but so far, it only appears to be comparatively small amounts for most platforms.

Users alerted the respective platforms that there were popups from MetaMask asking for a connection to a malicious site.

In a separate incident, CoinGecko and Etherscan were exploited through a third-party service. CoinGecko said that the phishing attack was a result of a malicious advertising script by the crypto advertising network Coinzilla. Etherscan also said that a third-party integration was the cause.

In the case of SpiritSwap, the attacker was able “to modify the frontend to divert funds to a wallet under their own control.” In this case, the attacker was able to make away with $18,000.

Most platforms have announced that they have regained access, but there has been no news on the attackers. Both attacks are bold ones that cover many popular websites, including CoinGecko and Etherscan. There will surely be more attention to using external services as a result.

DeFi platforms not immune to external exploits

The attack is yet another one to take place in the DeFi market. The space is known to be prone to attacks, simply because it sees such a large influx of funds and is the perfect target for hackers looking to make away with funds. However, most attacks are due to flash loan exploits and general code vulnerabilities.

This time, the attack has taken place via a third-party integration, and platforms will have to be wary. If such exploits can take place, then it is possible that other integrations also have vulnerabilities.


BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.