{"id":248357,"date":"2024-07-27T02:58:01","date_gmt":"2024-07-27T02:58:01","guid":{"rendered":"https:\/\/michigandigitalnews.com\/index.php\/2024\/07\/27\/dydx-domain-faces-repeated-dns-hijacking-incidents\/"},"modified":"2025-06-25T17:13:48","modified_gmt":"2025-06-25T17:13:48","slug":"dydx-domain-faces-repeated-dns-hijacking-incidents","status":"publish","type":"post","link":"https:\/\/michigandigitalnews.com\/index.php\/2024\/07\/27\/dydx-domain-faces-repeated-dns-hijacking-incidents\/","title":{"rendered":"dYdX Domain Faces Repeated DNS Hijacking Incidents"},"content":{"rendered":"<div>\n<figure class=\"figure mt-2\">\n<p><a href=\"https:\/\/blockchain.news\/Profile\/Rongchai-Wang\">Rongchai Wang<\/a><span class=\"publication-date ml-2\"> Jul 26, 2024 03:41<\/span><\/p>\n<p class=\"lead\">dYdX&#8217;s domain suffered multiple DNS hijacking attacks due to vulnerabilities in Squarespace&#8217;s OAuth and account recovery protocols, highlighting broader security concerns.<\/p>\n<a href=\"https:\/\/image.blockchain.news:443\/features\/7730C0965ED8395C793CC10166A96E60F5D0DB4492875EEADCDF2E77E9F203FB.jpg\"><img decoding=\"async\" class=\"rounded\" src=\"https:\/\/image.blockchain.news:443\/features\/7730C0965ED8395C793CC10166A96E60F5D0DB4492875EEADCDF2E77E9F203FB.jpg\" alt=\"dYdX Domain Faces Repeated DNS Hijacking Incidents\"\/><\/a>\n<\/figure>\n<p>dYdX, a prominent decentralized trading platform, recently faced multiple DNS hijacking incidents impacting its domain <a rel=\"nofollow\" href=\"http:\/\/dydx.exchange\">dydx.exchange<\/a>. 
These attacks have raised significant concerns about the security protocols of domain registrars and the broader implications for the crypto industry.<\/p>\n<h2>Background<\/h2>\n<p>In 2023, Squarespace acquired the rights to all domains from the now-defunct Google Domains, migrating them over several months. The <a rel=\"nofollow\" href=\"http:\/\/dydx.exchange\">dydx.exchange<\/a> domain was transferred on June 15, 2024. However, on July 9, attackers managed to gain access to this domain, changing its DNS nameservers from Cloudflare to DDoS-Guard. The attack was mitigated by DNSSEC settings, which blocked unauthorized access.<\/p>\n<h2>OAuth Weakness Exploited<\/h2>\n<p>Following the initial incident, dYdX worked with Squarespace to restore access and rotated all security credentials. Despite these measures, similar attacks were reported on other crypto-specific domains migrated from Google Domains to Squarespace. SEAL, a crypto security team, initiated an investigation, revealing potential technical vulnerabilities within Squarespace.<\/p>\n<p>On July 18, Squarespace confirmed an exploited security issue with OAuth logins, which was fixed by July 12. dYdX nevertheless decided to change domain registrars, even though it believed Squarespace had addressed the vulnerability.<\/p>\n<h2>Account-Recovery Attack<\/h2>\n<p>On July 23, the <a rel=\"nofollow\" href=\"http:\/\/dydx.exchange\">dydx.exchange<\/a> domain was compromised again. Attackers changed the DNS nameservers and removed DNSSEC settings, hosting a malicious site to steal funds from connected wallets. dYdX collaborated with SEAL and wallet providers like MetaMask and Phantom to block the malicious site. Approximately $31,000 was lost by two users during this period.<\/p>\n<p>Upon recovery, it was discovered that the attacker had used a social-engineering attack to reset the domain admin email to their own, bypassing 2FA through Squarespace\u2019s account-recovery process. 
Squarespace customer service had reset the account without reaching out to other listed admins.<\/p>\n<h2>Securing the Domain<\/h2>\n<p>In response to these incidents, dYdX transferred the domain registration to Cloudflare on July 24, completing the process in six hours. No security issues with dYdX\u2019s smart contracts, backend systems, or the dYdX Chain were found as a result of these incidents.<\/p>\n<h2>Industry Implications<\/h2>\n<p>These incidents underscore the importance of robust security measures for domain registrars, especially for crypto-related domains. The vulnerabilities in Squarespace\u2019s OAuth and account-recovery protocols highlight the need for continuous improvement in security practices to prevent such attacks.<\/p>\n<h2>About dYdX<\/h2>\n<p>dYdX aims to democratize access to financial opportunities, with the dYdX Chain representing a significant step forward in this mission. For more information, visit <a rel=\"nofollow\" href=\"https:\/\/dydx.exchange\">dydx.exchange<\/a>.<\/p>\n<p><span><i>Image source: Shutterstock<\/i><\/span><\/p>\n<\/div>\n<p><a href=\"https:\/\/blockchain.news\/news\/dydx-domain-faces-repeated-dns-hijacking-incidents\">Source link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rongchai Wang Jul 26, 2024 03:41 dYdX&#8217;s domain suffered multiple DNS hijacking attacks due to vulnerabilities in Squarespace&#8217;s OAuth 
and<\/p>\n","protected":false},"author":1,"featured_media":248358,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[171],"tags":[],"_links":{"self":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts\/248357"}],"collection":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/comments?post=248357"}],"version-history":[{"count":0,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/posts\/248357\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/media\/248358"}],"wp:attachment":[{"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/media?parent=248357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/categories?post=248357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michigandigitalnews.com\/index.php\/wp-json\/wp\/v2\/tags?post=248357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}