Multiple DeFi protocols were compromised after one or more unknown attackers managed to exploit a vulnerability in the world’s biggest domain registrar, GoDaddy. There were unconfirmed reports that the hacker might have used GoDaddy’s account recovery method to target the crypto domains.
Polygon-based DEX QuickSwap, which was among the affected sites, has regained access and stopped the phishing attack. It also mentioned that its funds were unaffected and that it was assisting other projects in “defending against this large-scale DeFi attack.”
SpiritSwap, one of Fantom’s biggest DeFi exchanges, managed to take quick action: the anonymous hacker manipulated the swap parameters but was able to take away no more than $18,000.
The DEX then provided another update stating that it had disabled swapping to prevent the hackers from stealing further, and assured users that contracts and funds are safe but that the domain spiritswap.finance has been compromised.
SpiritSwap has suspended transactions, as of press time.
On the price front, Fantom’s native token FTM shed over 30% but recovered by 12.5% in the last 24 hours and is now trading at $0.36.
Looking at FTM’s history, the recent incident is Fantom’s fourth major hack in the past three months. In April this year, FTM-based protocol Deus Finance succumbed to a flash loan exploit, leading to a massive loss of over $13 million.
Prior to that, another FTM-run DeFi platform Fantasm lost more than $2 million in an exploit.
GoDaddy Hack used to redirect swapped funds across DeFi protocols
Given that several crypto projects use GoDaddy to host their domains, the full extent of the damage is not clear at the time of writing this post.
That said, this is different from the recent “Coinzilla Ad Hack”, where an ad caused a popup on sites like CoinGecko or Etherscan that, when clicked, can drain one’s wallet. Here, the attacker appears to have used the hosting platform GoDaddy to redirect swapped funds on DEXes like QuickSwap and SpiritSwap.
As reported by TronWeekly, on 13th May, several other major crypto platforms were attacked in a phishing attempt. CoinGecko, Etherscan, and Dextools all warned users against malicious popups encouraging them to connect their MetaMask wallets.