Galxe Protocol, a prominent Web3 community platform, encountered a severe security breach on October 6. This breach left its website inaccessible for about an hour. The incident was suspected to be linked to a previous attack on Balancer. This further raised concerns about the safety of user funds.

DNS Attack Unveiled

At 14:44 UTC on October 6, Galxe reported on X (formerly Twitter) the alarming news of its website being down. Confirmation of a security breach affecting its Domain Name System (DNS) record followed 40 minutes later. Users were strongly advised against visiting the domain until the situation was resolved.

Even after the website was restored, users reported issues, with some X posters stating that Google had blocked access. A Web3 cybersecurity service explained that the DNS records had been maliciously modified to redirect users to a phishing website, thereby jeopardizing their wallets.

Crypto detective ZachXBT uncovered that funds were being stolen from Galxe. Also, the exploited wallet continued to amass funds even after the website was brought back online. The amount hovered around $160,000 at 17:15 UTC, as reported by DeBank.

Possible Connection to Balancer Attack

ZachXBT suggested a potential link between the Galxe exploiter and the party responsible for the Balancer protocol attack on September 19. This marked the second attack on Balancer within a month, resulting in losses of $238,000. The Balancer team termed it a social engineering attack on its DNS server by a crypto wallet drainer named Angel Drainer. Also, it was potentially associated with Russia.

A recent report from security platform Immunefi revealed a significant surge in losses to Web3 projects in Q3 2023 compared to the same period in 2022. The attacks skyrocketed from 30% to 76% year-on-year, with losses reaching close to $686 million. The Mixin hack on September 25 contributed significantly to this figure.

Galxe’s Response and Security Measures

At 21:25 UTC, a Galxe spokesperson provided a statement addressing the incident. The statement assured users that funds and information remained secure. It also emphasized that no transaction approval on Galxe had occurred in the past 8 hours.

Notably, Galxe took back domain ownership on October 6th at 9 am PST. Furthermore, it reinforced its security with domain registrar service Dynadot. Law enforcement authorities were engaged to address the situation.
