The website of the Web3 platform has been restored, but the company strongly advises against using it. The incident may be connected to the September attack on Balancer.
On October 6th, the Galxe community platform’s website experienced an outage lasting approximately one hour. Galxe reported on X (formerly known as Twitter) that their website went offline at 14:44 UTC. They confirmed 40 minutes later that they had fallen victim to a security breach affecting their Domain Name System (DNS) record. Galxe cautioned against accessing their domain until the situation was rectified.
As of the time of this writing, Galxe had not yet confirmed the safety of their website for use. Following the website’s restoration, some X users reported that it was being blocked by Google, stating, “Their DNS records have been altered to redirect to a phishing website that siphons users’ wallets.”
Crypto investigator ZachXBT uncovered that funds were being illicitly siphoned from Galxe. The wallet linked to this exploit continued to accumulate funds even after the Galxe website was back online, reaching a balance of around $160,000 at 17:15 UTC, according to DeBank.
ZachXBT suggested a potential connection between the individual exploiting Galxe and the party responsible for the attack on the Balancer protocol on September 19th. That attack was the second on Balancer within a month.
The second attack on Balancer resulted in losses amounting to $238,000. The Balancer team referred to this incident as a social engineering attack on their DNS server executed by a crypto wallet drainer known as Angel Drainer. Blockchain security firm SlowMist indicated a potential association of the attacker with Russia.
According to a recent report from security platform Immunefi, losses incurred by Web3 projects saw a significant surge in the third quarter of this year compared to Q3 2022. Attacks increased from 30% to 76% year-on-year, with losses reaching nearly $686 million in Q3 2023. The most substantial loss during this period stemmed from the Mixin hack on September 25th.
At 21:25 UTC, a spokesperson from Galxe reached out to Cointelegraph to provide a statement, which she indicated would later be posted on X. The statement read, “The Galxe website is currently offline. We will reinstate it once the correct DNS records are globally propagated. Rest assured, your funds and information remain secure as long as no approval for any transaction on Galxe has been granted in the past 8 hours. We regained domain ownership at 9 AM PST on October 6th and have bolstered the account’s security through [domain registrar service] Dynadot. In our endeavor to address this situation, we have engaged with the appropriate law enforcement authorities.”