Hold onto your hats, crypto enthusiasts! Over the weekend, the Galxe community platform, a well-known name in the Web3 space, experienced a bumpy ride. On October 6th, users attempting to access the Galxe website were met with an unwelcome surprise – an outage. But this wasn’t just your run-of-the-mill server hiccup; it was a full-blown security incident, a DNS attack to be precise. Let’s dive into what happened, what it means for you, and what we can learn from this event.
What Exactly Happened to Galxe?
It all started at 14:44 UTC on October 6th when Galxe’s website decided to take an unscheduled break. The team quickly took to X (formerly Twitter) to announce the outage. Initially, the cause was unclear, but the picture became clearer within 40 minutes. Galxe confirmed they were victims of a security breach targeting their Domain Name System (DNS) records. This essentially means that cybercriminals managed to meddle with the internet’s phonebook, redirecting users away from the legitimate Galxe site.
Galxe promptly issued a warning, urging users to steer clear of their domain until they sorted things out. But the story doesn’t end there; it actually gets a bit more concerning.
Phishing Fears and User Reports
Once the Galxe website was back online, things didn’t immediately return to normal. Users began reporting that Google was blocking the site. The reason? Allegedly, the altered DNS records were pointing to a phishing website designed to steal cryptocurrency wallets. Imagine clicking on a link you trust, thinking you’re heading to Galxe, only to be unknowingly directed to a malicious site waiting to siphon your digital assets. Not a pleasant thought, right?
ZachXBT’s On-Chain Investigation: Confirming the Drain
Enter ZachXBT, the crypto world’s very own detective. His on-chain sleuthing revealed the grim reality: funds were indeed being illicitly drained from users. Even after the Galxe website was supposedly restored, the wallet associated with this exploit continued to accumulate stolen funds. DeBank reported that this illicit wallet balance reached a staggering $160,000 by 17:15 UTC. This highlights a crucial point: even after a website appears to be back online, the repercussions of a DNS attack can linger, and malicious actors can continue to exploit the vulnerability.
Déjà Vu? Balancer Protocol Connection
Here’s where things get even more intriguing. ZachXBT pointed towards a possible link between the Galxe attacker and the perpetrator behind the Balancer protocol attack on September 19th. If true, this suggests a potentially sophisticated and persistent threat actor targeting the Web3 ecosystem. And guess what? The September 19th attack on Balancer wasn’t even their first rodeo; it was their second attack within a single month! This paints a picture of a highly active and potentially coordinated group of cybercriminals.
Balancer’s Double Whammy: Social Engineering and Angel Drainer
The second Balancer attack resulted in losses of around $238,000. The Balancer team described it as a social engineering attack on their DNS server, pinning the blame on a known crypto wallet drainer dubbed “Angel Drainer.” Blockchain security firm SlowMist even hinted at a possible Russian connection to this attacker. This interconnectedness between attacks on different platforms raises serious questions about the scale and organization of these cyber threats.
Web3 Security Landscape: A Troubling Trend
The Galxe and Balancer incidents aren’t isolated cases. A recent report from Immunefi, a security platform, reveals a worrying trend: Web3 projects are facing a significant surge in attacks. Let’s break down the concerning statistics:
- Attack Increase: The year-on-year increase in attacks jumped from 30% to a whopping 76% when Q3 2023 is compared with Q3 2022.
- Massive Losses: Losses in Q3 2023 reached nearly $686 million.
- Headline Hack: The Mixin hack on September 25th accounted for the largest chunk of these losses.
These figures paint a stark picture of the evolving threat landscape in the Web3 space. It’s not just about smart contract vulnerabilities anymore; attackers are targeting infrastructure like DNS servers and employing social engineering tactics to gain access.
Galxe’s Response and Reassurance
At 21:25 UTC on October 6th, Galxe reached out to Cointelegraph with an official statement, promising a more detailed update on X. Their initial statement offered some reassurance, but also emphasized caution:
“The Galxe website is currently offline. We will reinstate it once the correct DNS records are globally propagated. Rest assured, your funds and information remain secure as long as no approval for any transaction on Galxe has been granted in the past 8 hours. We regained domain ownership at 9 AM PST on October 6th and have bolstered the account’s security through [domain registrar service] Dynadot. In our endeavor to address this situation, we have engaged with the appropriate law enforcement authorities.”
Galxe highlighted that users who hadn’t approved any transactions on their platform in the preceding 8 hours were likely safe. They also mentioned regaining domain ownership and strengthening security measures with Dynadot. Engaging law enforcement is a positive step, indicating they are taking the matter seriously.
Key Takeaways and Actionable Insights
So, what can we learn from the Galxe DNS attack and the broader context of rising Web3 security incidents?
- DNS Security is Crucial: DNS, often an overlooked aspect of security, is a critical infrastructure component. Protecting DNS records is paramount for Web3 platforms.
- Be Wary of Phishing: Always double-check website URLs and be suspicious of any unusual redirects or login prompts, especially after reported security incidents.
- Transaction Vigilance: As Galxe advised, avoid approving transactions on potentially compromised platforms. Be extra cautious when interacting with Web3 sites after security breaches are reported.
- Stay Informed: Follow reputable crypto news sources and security researchers like ZachXBT to stay updated on emerging threats and security incidents.
- Web3 Security is Evolving: The threat landscape is shifting. Web3 projects and users need to be aware of and prepared for a wider range of attack vectors beyond just smart contracts.
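The first takeaway above, protecting DNS records, is easier to act on when you can see what resolvers around the world are actually handing out for your domain, both while an incident is unfolding and afterwards, when Galxe had to wait for "the correct DNS records" to be "globally propagated". The script below is an added example written for this article; it is not Galxe's tooling, and the allowlisted addresses (TEST-NET ranges), the placeholder domain and the choice of public resolvers are all assumptions. It builds a raw DNS query with the standard library, parses the A records out of the answer (including compressed names), and classifies each resolver's view as ok, stale (only a subset of the allowlist, typical of a cache that has not refreshed yet) or unexpected (an address outside the allowlist, the symptom of altered records).

```python
"""Check a domain's A records across several public resolvers and flag drift
from an expected allowlist. Pure standard library; the wire-format code is a
minimal query builder and answer parser for A records only."""
import secrets
import socket
import struct

# Constructed allowlist for illustration (TEST-NET-2 addresses), not any real
# project's records. Replace with the addresses your own zone should serve.
EXPECTED_A = {"198.51.100.10", "198.51.100.11"}
RESOLVERS = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]  # well-known public resolvers


def build_query(name, qtype=1):
    """Return (transaction id, query bytes) for one QTYPE A / CLASS IN question."""
    tid = secrets.randbits(16)
    header = struct.pack(">HHHHHH", tid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return tid, header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after the field)."""
    labels, end = [], None
    for _ in range(128):  # bound the pointer chase so a hostile answer cannot loop forever
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer into an earlier part of the message
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    else:
        raise ValueError("name compression loop")
    return ".".join(labels), end if end is not None else off


def parse_a_records(msg):
    """Return (transaction id, set of IPv4 strings) from a DNS response."""
    tid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    addrs = set()
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return tid, addrs


def classify(observed, expected):
    """no records: empty answer; unexpected: any address outside the allowlist;
    stale: a strict subset of the allowlist; ok: exactly the allowlist."""
    if not observed:
        return "no records"
    if observed - expected:
        return "unexpected"
    if observed != expected:
        return "stale"
    return "ok"


def query_resolver(resolver, domain, timeout=3.0):
    """Send one UDP query and parse the answer; None on timeout or ID mismatch."""
    tid, query = build_query(domain)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    rtid, addrs = parse_a_records(data)
    return addrs if rtid == tid else None  # discard answers to someone else's query


# Constructed sample answer (not a captured Galxe response): two A records for
# example.com, each using a compression pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack(">HH", 1, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton("198.51.100.10")
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton("198.51.100.11")
)

if __name__ == "__main__":
    domain = "example.com"  # placeholder; substitute the domain you operate
    for resolver in RESOLVERS:
        seen = query_resolver(resolver, domain)
        verdict = "no answer" if seen is None else classify(seen, EXPECTED_A)
        print(f"{resolver:>10}  {verdict:<11} {sorted(seen or [])}")
```

Run it on a schedule from a host outside your own network and alert on any "unexpected" verdict; during recovery, the mix of "stale" and "ok" across resolvers shows how far the corrected records have propagated. Querying several resolvers directly, rather than trusting the host's own resolver, is what lets you see a poisoned or altered answer that your own cache might not be serving.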
In Conclusion: A Wake-Up Call for Web3
The Galxe DNS attack serves as a stark reminder of the ongoing security challenges in the Web3 space. It underscores the importance of robust security measures, not just in code, but also in infrastructure and user awareness. As the Web3 ecosystem continues to grow, so too will the sophistication and frequency of cyberattacks. Staying informed, being vigilant, and prioritizing security are no longer optional – they are essential for everyone involved in the decentralized future.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.