Post-Mortem of Events June 23

Initial Disclosure

Summary of Attack

After some initial investigation, it was confirmed that the DNS of had been hijacked, taking users to a copy of the website containing malicious contracts. The attack replaced web elements that interact with smart-contracts across varying portions of the site to new contracts under the attackers control. Unsuspecting users could have clicked familiar buttons in the UI, but been prompted to approve new, malicious contracts. Many contract addresses even contained the same first and last 4 characters, making it easier to glance at these new contracts and potentially accept them as the originals. Furthermore, the malicious contracts did not seem to be presented to all users, nor were they always presented on the same web elements.

  • The website is now using a new DNS registrar.
  • Multiple layers of DNS monitoring are enabled to help identify these types of attacks in the future.
  • Payouts will go directly to the affected address after confirming revoked approvals.
  • Payments will not be forwarded/sent to different addresses.
  • You may be asked to revoke approvals, but you will not need to do any new approvals to receive compensation.
  • You will not need to send any tokens anywhere to receive compensation.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store