In a critical cybersecurity breach on October 17, 2024, Ambient Finance, a decentralized finance (DeFi) platform, was targeted by a domain name system (DNS) attack that compromised its website.
Hackers gained control of the platform’s domain, inserting malicious links to steal assets. However, Ambient Finance has regained control of its domain, assuring users that their smart contracts and funds remained safe throughout the incident.
Ambient Finance was founded in 2021 and operates a decentralized exchange (DEX). Last year, it raised $6 million in a seed round with backing from major investors such as Blocktower and Circle Ventures.
Ambient Finance DNS Attack: How Badly Was the Exchange Affected?
The attack began when hackers breached Ambient Finance’s DNS, redirecting users to malicious links to steal their assets.
The team quickly responded by alerting users on social media platform X, urging them not to interact with the site, connect their wallets, or sign any transactions.
The team tweeted on X:
“The Ambient Finance website domain has been hijacked and compromised. The issue is isolated to the frontend website; contracts and funds are safe.”
They clarified that users should wait for further updates before returning to the platform.
DNS attacks like this target a platform’s domain registrar credentials, giving hackers control over the website interface.
This attack typically focuses on the platform’s front end, as the backend smart contracts — the heart of decentralized systems — remain unaffected.
In Ambient Finance’s case, the team quickly reassured users that while the website had been compromised, the integrity of their smart contracts and on-chain infrastructure was not jeopardized.
Two hours after the attack was first reported, Ambient Finance updated users, confirming they had recovered the domain.
However, due to DNS propagation delays, the team recommended that users only interact with the site once the domain updates were fully completed.
We have recovered the domain, and DNS is updating now. Since DNS propagation takes time, users should wait for the all clear before interacting with the frontend site.
Contracts and funds are safe and unaffected. https://t.co/6g0pkfVs2y— ambient (@ambient_finance) October 17, 2024
The malware used in the attack, identified as Inferno Drainer, is notorious for its ability to steal digital assets.
Cybersecurity firm Blockaid analyzed the attack and revealed that the server used to orchestrate the hack was set up just 24 hours before the breach occurred.
The drainer kit used in this attack is Inferno Drainer.
Interestingly, looks like the C2 server used here was created specifically for this attack – it was registered in the last 24h pic.twitter.com/uJbfztWW9O— Blockaid (@blockaid_) October 17, 2024
Despite the attack’s speed, Ambient Finance regained control of its domain relatively quickly.
Growing Threat of Cyber Attacks in DeFi
DNS-based attacks have become more prevalent in recent months, and other prominent DeFi platforms like Ethena Labs have also experienced similar breaches just this year.
The Ethena domain registrar account was recently compromised and we have taken steps to deactivate the site until further notice.
The protocol is unaffected and funds are safe.
Please do not interact with any site or application purporting to be the Ethena frontend.— Ethena Labs (@ethena_labs) September 18, 2024
These attacks typically exploit vulnerabilities in a platform’s web infrastructure, particularly its domain registration, and aim to trick users into revealing sensitive information or signing malicious transactions.
In Ambient Finance’s case, the quick recovery of its domain likely prevented more extensive damage.
While smart contracts and on-chain infrastructure often remain secure, front-end vulnerabilities like DNS attacks can still pose significant user risks.
In September, the automated market maker Balancer suffered a front-end exploit following a social engineering attack, and several other platforms have been similarly compromised in recent months.
According to a recent report by Immunefi, crypto hacks and scams in the third quarter of 2024 amounted to $413 million in losses, a significant decline from the $686 million lost during the same period in 2023.
The report shows that while the overall number of attacks may have decreased, the threat to DeFi platforms remains substantial.
As of the latest attack in Defi space, Radiant Capital, a Binance-backed cross-chain lending protocol, was hacked on Wednesday, October 17, resulting in over $50 million in stolen assets.
The post DeFi Exchange Defeats DNS Attack: Ambient Finance Recovers Domain appeared first on Cryptonews.
