Galxe, a Web3 credential data network platform, is taking decisive steps to recover nearly $270,000 USD lost in a recent DNS attack.
How it Went Down
Speaking to Coinlive, Galxe confirmed that the incident occurred on October 6th when an unidentified individual exploited vulnerabilities in the domain services provided by Dynadot.
Posing as an authorised Galxe member, they circumvented security protocols using falsified documents.
Subsequently, the attacker gained unauthorised access to Galxe's domain account, manipulating it to redirect visitors to a counterfeit website and execute transactions that siphoned off their funds.
Galxe has clarified that the attack solely impacted their domain and front-end application, with the core smart contracts and technical systems remaining secure and unaffected.
Dynadot has yet to comment on the incident.
Recovery Plan
In an official statement, Galxe pledged to support all affected users and is actively developing a recovery plan.
They will communicate the next steps once a comprehensive list of affected transactions is compiled.
It is estimated that approximately 1,120 users who interacted with the malicious site collectively lost around $270,000.
Only users who signed transactions after 6:02 AM and before 11:23 AM PDT were affected, with the first hack happening on 6:45 AM PDT.
In response to this incident, Galxe issued a warning, cautioning users against individuals claiming to offer "quick recovery" or assistance in claiming losses, emphasizing that these are unauthorised and likely scams.
Some affected Galxe users have turned to social media, including X (formerly known as Twitter), to voice their concerns and call for compensation for their losses.
Galxe appears to have all hands on deck assuring users of an upcoming recovery plan.
The Galxe Attack
Galxe is a Web3 credential data network platform that was the subject of a DNS attack yesterday.
Coinlive previously reported on how users alleged that their assets were compromised after authorising Galxe access to their wallets.
The first signs of trouble emerged when users were prompted to grant permission for the use of their assets upon logging into the Galxe platform.
In light of the security breach, Galxe promptly took down its website to rectify the issue and issued an advisory urging users not to link their wallets to Galxe temporarily.
Support for Affected Users
Have you been affected by the Galxe attack?
Galxe has set up support channels on Discord and their official support platform to ensure round-the-clock assistance during this challenging period.
Galxe has also recommended users to revoke any unrecognised authorisations and to be wary of the following contract addresses that have been flagged in connection with the attack:
- 0x0000eaab14253e1421aef4F48eE539F2653C0000
- 0x00008c6Dc619b0ea53dd8d02B58Bb726aFc40000