dYdX Domain Faces Repeated DNS Hijacking Incidents


Rongchai Wang

Jul 26, 2024 03:41

dYdX’s domain suffered multiple DNS hijacking attacks due to vulnerabilities in Squarespace’s OAuth and account-recovery protocols, highlighting broader security concerns.


dYdX, a prominent decentralized trading platform, recently faced multiple DNS hijacking incidents impacting its domain dydx.exchange. These attacks have raised significant concerns about the security protocols of domain registrars and the broader implications for the crypto industry.

Background

In 2023, Squarespace acquired the rights to all domains from the now-defunct Google Domains, migrating them over several months. The dydx.exchange domain was transferred on June 15, 2024. However, on July 9, attackers managed to gain access to this domain, changing its DNS nameservers from Cloudflare to DDoS-Guard. The attack was mitigated by DNSSEC settings, which blocked unauthorized access.

OAuth Weakness Exploited

Following the initial incident, dYdX worked with Squarespace to restore access and rotated all security credentials. Despite these measures, similar attacks were reported on other crypto-specific domains migrated from Google Domains to Squarespace. SEAL, a crypto security team, initiated an investigation, revealing potential technical vulnerabilities within Squarespace.

On July 18, Squarespace confirmed an exploited security issue with OAuth logins, which had been fixed by July 12. Even so, dYdX decided to change domain registrars, although it believed Squarespace had addressed the vulnerability.

Account-Recovery Attack

On July 23, the dydx.exchange domain was compromised again. Attackers changed the DNS nameservers and removed the DNSSEC settings, hosting a malicious site to steal funds from connected wallets. dYdX collaborated with SEAL and wallet providers like MetaMask and Phantom to block the malicious site. Approximately $31,000 was lost by two users during this period.

Upon recovery, it was discovered that the attacker had used a social-engineering attack to reset the domain admin email to their own, bypassing 2FA due to Squarespace’s account-recovery process. Squarespace customer service had reset the account without reaching out to the other listed admins.
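The two incidents differ in one detail that is worth monitoring for: in the first, DNSSEC stayed in place and the hijack failed; in the second, the attacker also stripped DNSSEC and rewrote the admin contact. The Python below is an added example, not code from the article or from dYdX, showing how a domain owner could compare periodic snapshots of their own domain's delegation, DS records and registrar contact against an expected baseline and rate the drift. The nameserver names, e-mail addresses, registrar string and DS tuple are constructed placeholders; real snapshots would come from RDAP/WHOIS and NS/DS lookups taken on a schedule.

```python
"""Baseline-drift monitor for a domain's registrar and DNS posture (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """One observation of the domain's externally visible posture."""
    nameservers: frozenset   # NS names as delegated by the parent zone
    ds_records: tuple        # DS records at the parent; empty means DNSSEC is off
    admin_email: str         # admin contact on the registrar account
    registrar: str           # registrar of record


@dataclass(frozen=True)
class Baseline:
    """What the domain owner expects every snapshot to look like."""
    nameserver_suffixes: tuple   # every NS name must end with one of these
    dnssec_required: bool
    admin_emails: frozenset      # all approved admin contacts, lower-cased
    registrar: str


def check_drift(baseline, snap):
    """Return a list of (alert_code, detail) pairs; an empty list means no drift."""
    alerts = []

    # Delegation moved away from the expected DNS provider.
    rogue = sorted(ns for ns in snap.nameservers
                   if not ns.lower().endswith(baseline.nameserver_suffixes))
    if rogue:
        alerts.append(("NS_CHANGED", "unexpected nameservers: " + ", ".join(rogue)))

    # DS records vanished from the parent zone: validating resolvers would now
    # accept whatever the new nameservers serve.
    if baseline.dnssec_required and not snap.ds_records:
        alerts.append(("DNSSEC_REMOVED", "no DS records at the parent zone"))

    # Registrar account contact no longer belongs to an approved admin.
    if snap.admin_email.lower() not in baseline.admin_emails:
        alerts.append(("ADMIN_EMAIL_CHANGED", "admin contact is now " + snap.admin_email))

    if snap.registrar.lower() != baseline.registrar.lower():
        alerts.append(("REGISTRAR_CHANGED", "registrar is now " + snap.registrar))

    return alerts


def severity(alerts):
    """Rate a set of alerts: delegation change plus DNSSEC removal is the worst case."""
    codes = {code for code, _ in alerts}
    if "NS_CHANGED" in codes and "DNSSEC_REMOVED" in codes:
        return "critical"   # hijacked zone resolves cleanly for every client
    if codes:
        return "high"
    return "none"


# Constructed baseline and snapshots; none of these values are real records.
BASELINE = Baseline(
    nameserver_suffixes=(".ns.cloudflare.com",),   # assumed expected DNS provider
    dnssec_required=True,
    admin_emails=frozenset({"security@example.com", "ops@example.com"}),
    registrar="Squarespace",
)

NORMAL = Snapshot(
    nameservers=frozenset({"alpha.ns.cloudflare.com", "beta.ns.cloudflare.com"}),
    ds_records=(("12345", "13", "2", "placeholder-digest"),),
    admin_email="security@example.com",
    registrar="Squarespace",
)

# First-incident pattern: delegation moved but DS records remain, so the
# unsigned answers from the new nameservers fail validation.
NS_SWAP_DS_INTACT = Snapshot(
    nameservers=frozenset({"ns1.rogue-host.invalid", "ns2.rogue-host.invalid"}),
    ds_records=NORMAL.ds_records,
    admin_email="security@example.com",
    registrar="Squarespace",
)

# Second-incident pattern: delegation moved, DS removed, admin contact reset.
FULL_TAKEOVER = Snapshot(
    nameservers=frozenset({"ns1.rogue-host.invalid"}),
    ds_records=(),
    admin_email="attacker@mailbox.invalid",
    registrar="Squarespace",
)


if __name__ == "__main__":
    for name, snap in (("normal", NORMAL), ("ns swap", NS_SWAP_DS_INTACT),
                       ("takeover", FULL_TAKEOVER)):
        found = check_drift(BASELINE, snap)
        print(f"{name}: severity={severity(found)} alerts={[c for c, _ in found]}")
```

Run on a schedule, the check would have flagged the July 9 pattern as "high" (delegation moved, DNSSEC still enforced) and the July 23 pattern as "critical", and the admin-contact rule catches the recovery-process reset independently of any DNS change.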

Securing the Domain

In response to these incidents, dYdX transferred the domain registration to Cloudflare on July 24, completing the process in six hours. No security issues with dYdX’s smart contracts, backend systems, or the dYdX Chain were found as a result of these incidents.

Industry Implications

These incidents underscore the importance of robust security measures for domain registrars, especially for crypto-related domains. The vulnerabilities in Squarespace’s OAuth and account-recovery protocols highlight the need for continuous improvement in security practices to prevent such attacks.

About dYdX

dYdX aims to democratize access to financial opportunities, with the dYdX Chain representing a significant step forward in this mission. For more information, visit dydx.exchange.

Image source: Shutterstock
