- Frax Finance collaborates with domain registrar Name.com to restore proper DNS settings after the hijacking incident.
- No user funds have been reported stolen in the Frax Finance DNS hijacking event.
- Name.com to conduct a “full investigation” into the circumstances surrounding Frax Finance’s DNS hijacking.
Frax Finance, a prominent decentralized finance (DeFi) protocol, successfully recovered its domain following a DNS hijacking incident this past Wednesday. The team worked closely with their domain registrar, Name.com, to restore proper DNS settings. Kazemian, a representative of Frax Finance, said in a statement that the team is “in the dark” about the specifics of the incident and that it wasn’t due to a “compromised email or password.”
https://t.co/gnEI5kjDki has reached out & confirmed https://t.co/cADe5RLjqv & https://t.co/AcTF8hlzaS domains are now routed back to their proper nameservers & configuration. We’ve been told they’ll explain what led to the incident after they conduct a full investigation tomorrow https://t.co/h1eE11P5wZ— Frax Finance (¤, ¤) 🦇🔊 (@fraxfinance) November 1, 2023
DNS hijacking, a tactic where domain name registrars reroute users to malicious websites, has become increasingly common in the crypto industry. Name.com has informed the Frax team that they will conduct a “full investigation” into the circumstances surrounding the hijacking.
Frax Finance is a multifaceted DeFi protocol that offers a range of services, including a stablecoin protocol (FRAX), liquid staking on Ethereum (frxETH), lending markets, and decentralized exchanges (DEXs). As of now, no user funds have been reported stolen due to the DNS hijacking incident involving Frax Finance. The project updated its community, stating that the domains are “now routed back to their proper DNS” and that further details will be provided after a “full investigation” by Name.com.
In a similar incident last year, Convex Finance faced a DNS hijacking that led to users being directed to malicious websites. Angel investor Alexintosh flagged the issue on June 23, tweeting that the DeFi platform appeared to be prompting users to approve an unauthenticated smart contract address, hinting at a DNS spoofing attack. Convex Finance later verified that their DNS had been compromised, causing some users to inadvertently approve malicious contracts.
To mitigate the risks, Convex Finance rolled out two alternative domain names, allowing users to interact with the protocol safely. The team reached out to the community, requesting that affected wallet owners get in touch through Twitter direct messages or their Discord channel. Convex Finance also assured its users that funds stored in verified smart contracts were secure and had not been impacted by the DNS hijacking.