Web3 Urgency: Cyberattacks Expose GoDaddy and DeFi Vulnerabilities
GoDaddy, the company responsible for registering Web 2 domain names and web hosting, was attacked by cybercriminals with extensive knowledge of decentralized finance (DeFi). Protocols such as SpiritSwap, QuickSwap, and Dextools were targeted, and users' funds were stolen. In SpiritSwap's case, the hackers modified the interface to divert users' funds to the attackers' crypto wallets.
URGENT ANNOUNCEMENT
SpiritSwap has been compromised. At this stage early diagnosis is suggesting a hacker has exploited AWS where they have changed the swap parameters so swaps go to a specific address. We have caught this early and at this time only $18,000 has been lost.
— SpiritSwap (@Spirit_Swap) May 13, 2022
Hackers also targeted CoinGecko and Etherscan, reaching these apps through another centralized service. On May 13th and 14th, they injected a malicious script through advertising served by Coinzilla, an advertising network focused on digital finance and cryptocurrencies.
Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network - we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don't connect your Metamask on CoinGecko. https://t.co/NY0ppKecIG
— CoinGecko (@coingecko) May 13, 2022
At the end of 2021, a similar attack was discovered: a group of hackers compromised the front-end of BadgerDAO and injected a malicious script that tricked the protocol's users into granting permission to access their funds. According to data provided by PeckShield, an auditing firm for smart contracts, the total sum they succeeded in stealing was USD 120 million.
If decentralized finance protocols and decentralized autonomous organizations continue to employ centralized services for web hosting, these attacks will only become more frequent.
Behind these centralized integrations, cybercriminals find a pool of vulnerabilities that lets them steal funds and corrupt projects that are meant to be decentralized.
We believe that Web 3 fosters a completely sovereign and free future characterized by collective ownership and digital property. This third generation of the Internet gives people back the ownership rights they forfeited to technology companies with Web 2, and now everyone is able to own a part of the Internet. Nevertheless, there is still widespread resistance to the new tools born in this era that can help end these types of scourges.
Preventing these attacks
The good news is that there are already hundreds of developers building on Web 3 with the aim of abandoning the old, familiar companies that we fully trust to create, host, improve and maintain web applications.
For example, in the case of GoDaddy, a traditional company that acquires and registers domains on the Internet, what occurred could have been avoided by resorting to Handshake (HNS). This censorship-resistant naming protocol stores Top Level Domain (TLD) ownership data on its blockchain, thus eliminating the need for authorities such as ICANN or domain lenders.
Within Handshake, there is a consensus protocol that replaces the ICANN root servers with an authoritative name server committed to the blockchain. It is worth noting that since Handshake is akin to the legacy DNS record system, developers can also point their customized HNS domain to Media Network's .dcdn resources. Read more about our Handshake integration here.
BadgerDAO, for its part, could have prevented the loss of USD 120 million if it had employed a decentralized CDN such as Media Network, which enables the use of multi-sig to prevent the theft of the administrator account and the injection of malicious code into the front-end.
About Media Network
Media Network is a decentralized hub for web services, connecting providers and clients through smart contracts and anchored on Media Protocol.
Press Contact
marketing@media.foundation