Attackers were using a GoDaddy exploit to attack various DeFi protocols, which have just recently been restored to normal operation. In a separate incident, attackers used Coinzilla to launch a malicious advertising script against CoinGecko and Etherscan.
Many cryptocurrency platforms are restarting operations following a cyberattack through a GoDaddy exploit late last week. SpiritSwap, QuickSwap, and Dextools are among the platforms affected.
In order to steal funds, the attacker used a phishing attack. Some sites have reported thefts, but the amounts seem to be comparatively small for most platforms.
Users informed the platforms that there were popups from MetaMask requesting a connection to a malicious site.
A third-party service was used to exploit CoinGecko and Etherscan in a separate incident. The phishing attack, according to CoinGecko, was caused by a malicious advertising script developed by the crypto advertising network Coinzilla. Etherscan further said that the cause was a third-party integration.
In the case of SpiritSwap, the attacker was able to “change the frontend to transfer money to a wallet under their own control.” In this case, the attacker was able to evade $18,000.
Most platforms have announced that they have restored access, but no information about the attackers has been released. Both attacks are bold, affecting a wide range of prominent websites, including CoinGecko and Etherscan. As a result, there would definitely be a strong focus on using other services.
