Interoperability protocol Celer Network has requested its users to revoke token approvals for several smart contracts after shutting down its cBridge over a potential DNS exploit.
As per the project’s initial analysis, some suspicious DNS activity was observed at around 7 PM UTC on August 17. However, the protocol is still attempting to investigate and get more details about the issue.
After an investigation, it was found that the UI hijack was designed to redirect users to interact with the compromised smart contract which ultimately drained their balances.
To protect its users and prevent any more mishaps, the platform has shut down the cBridge and warned its users to revoke approvals for contracts in Ethereum (ETH), Avalanche (AVAX), Polygon (MATIC), Binance Smart Chain, Astar, Aurora, and Arbitrum.
Users can go to the token approval page for each network in order to revoke the approvals as a precautionary measure. Thereafter, the platform will fully compensate all those affected during the breach.
Also Read: Curve Finance States $570K Attack was ‘DNS Cache Poisoning’
Reportedly, the attacker was able to drain around 128 ETH ($240K) before the exploit was discovered and then transferred to Tornado Cash tumbler. Celer protocol revealed later that the team managed to respond quickly to the attack. Consequently, only a small portion of users are affected.
The Celer protocol and smart contracts are not affected during the breach. Moreover, the Celer DNS root record was not compromised and was never modified. However, the platform announced that “cBridge frontend UI is now up again with additional monitoring in place.”
The platform cautioned users, “We strongly recommend the community to always check contract addresses that you are interacting with on any DeFi apps as DNS poisoning seems to forming a trend.”
