Hackers compromised the DNS server of the cBridge cross-chain bridge from Celer Network. As a result, the external interface redirected some users to malicious smart contracts.
The project team assured that they reacted quickly to the incident, so that only a “small part” of users were affected. All of them will receive full compensation.
“The Celer protocol and smart contracts are not affected. The root DNS record has not been compromised and has not been changed,” the developers said.
According to them, the attack, like the recent one on Curve Finance, was aimed at third-party DNS providers that are outside the control of the project.
“DNS compromise can occur with the frontend of any DeFi application, regardless of the protocol’s own security.
We strongly recommend that the entire blockchain community enable the Secure DNS parameter in the browser to reduce the risk,” the developers wrote.
They also called for checking the addresses of smart contracts and rejecting any suspicious ones.