Someone exploited a weakness in CloudFlare and was able to replace the Badger website. When someone clicked on the site to execute an approval transaction, it went to the attacker first, which gave the attacker full control over their wallet.
It did take a manual step on the part of Celsius though... which should have been checked more closely. The UX around that checking is really terrible though and when someone is trying to do something quickly, they aren't always going to check. This is a big failure of wallets these days.
Balancer.fi just had a similar attack happen to them where the .fi registry allowed a nameserver change.
> It is also clear that the frontends really need to be hosted in a way that they can't be modified.
Years ago the advice was IPFS and IPNS.
I agree. This is not the Web3 dream everyone was promising us when frontends and nft media assets themselves are mutably stored on some server relying on several entities in the DNS chain to maintain security, behave, and stay available.
I wish there was a way we could almost hash a website or a piece of the critical path code running the site so that you know the content on the page was not modified and that the code that is executed is what the site intended.
We kind of have the 'secure lock' with https doing part of the work, but it is kind of irrelevant if DNS is pointing to some hackers site.
That's kinda what IPFS is - every webpage is identified by its hash. But then updates are impossible so IPNS steps in to give a mutable name -> hash relationship. Just like a git commit, if you have the IPFS hash you are guaranteed for it to be correct. How you find that hash - IPNS or some other method, has been the major challenge.
Further we used to have HPKP to further protect the security chain but it ended up being dangerous for various reasons. Monitoring certificate transparency logs for any re-issuances of your domain's certificates is the current detection method as http is pretty heavily penalized in today's browsers.
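As an added example (not code from anyone in this thread) of the CT-log monitoring check described above: a Python script that scans records shaped like the crt.sh JSON output for certificates covering a monitored hostname that were issued, within a time window, by a CA outside an allowlist. The hostname, the issuer allowlist and the records are constructed sample data.

```python
import json
from datetime import datetime

# Constructed sample records shaped like the crt.sh JSON endpoint output
# (issuer_name, common_name, name_value, not_before). Not real certificates.
SAMPLE_CT_JSON = """[
 {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "app.example.org",
  "name_value": "app.example.org\\nwww.app.example.org", "not_before": "2023-09-01T08:00:00"},
 {"id": 2, "issuer_name": "C=US, O=Other Issuer Inc, CN=Other CA 1", "common_name": "app.example.org",
  "name_value": "app.example.org", "not_before": "2023-09-20T12:00:00"},
 {"id": 3, "issuer_name": "C=US, O=Other Issuer Inc, CN=Other CA 1", "common_name": "*.example.org",
  "name_value": "*.example.org", "not_before": "2023-09-21T00:00:00"},
 {"id": 4, "issuer_name": "C=US, O=Other Issuer Inc, CN=Other CA 1", "common_name": "app.example.org",
  "name_value": "app.example.org", "not_before": "2022-01-05T00:00:00"},
 {"id": 5, "issuer_name": "C=US, O=Other Issuer Inc, CN=Other CA 1", "common_name": "shop.example.net",
  "name_value": "shop.example.net", "not_before": "2023-09-22T00:00:00"}
]"""

def covers(san: str, domain: str) -> bool:
    """True if a SAN entry names `domain` exactly or via a single-label wildcard."""
    san = san.strip().lower()
    if san == domain:
        return True
    if san.startswith("*."):
        # *.example.org covers app.example.org but not a.b.example.org
        return domain.endswith(san[1:]) and domain.count(".") == san.count(".")
    return False

def issuer_org(issuer_name: str) -> str:
    """Extract the O= component of a DN such as 'C=US, O=Let's Encrypt, CN=R3'.
    Naive split on ', '; an escaped comma inside a value would need a real DN parser."""
    for part in issuer_name.split(", "):
        if part.startswith("O="):
            return part[2:]
    return issuer_name

def find_unexpected_issuances(records_json: str, domain: str, expected_orgs: set, since: str) -> list:
    """Records covering `domain`, issued on/after `since` (ISO date), by a non-allowlisted CA."""
    cutoff, alerts = datetime.fromisoformat(since), []
    for rec in json.loads(records_json):
        names = set(rec["name_value"].split("\n")) | {rec["common_name"]}
        if not any(covers(n, domain) for n in names):
            continue  # certificate does not cover the monitored host
        if datetime.fromisoformat(rec["not_before"]) < cutoff:
            continue  # older than the monitoring window
        org = issuer_org(rec["issuer_name"])
        if org not in expected_orgs:
            alerts.append({"id": rec["id"], "issuer": org, "names": sorted(names)})
    return alerts

if __name__ == "__main__":
    for a in find_unexpected_issuances(SAMPLE_CT_JSON, "app.example.org", {"Let's Encrypt"}, "2023-09-01"):
        print("ALERT: certificate from unexpected issuer", a)
```

Run against the sample data, records 2 and 3 are flagged (unknown issuer, one via a wildcard), while record 4 falls outside the window and record 5 does not cover the host.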
https://twitter.com/Balancer/status/1704552288201883809
It is also clear that the frontends really need to be hosted in a way that they can't be modified.