In a critical cybersecurity breach on October 17, 2024, Ambient Finance, a decentralized finance (DeFi) platform, was targeted by a domain name system (DNS) attack that compromised its website.
Hackers gained control of the platform’s domain, inserting malicious links to steal assets. However, Ambient Finance has regained control of its domain, assuring users that their smart contracts and funds remained safe throughout the incident.
Ambient Finance was founded in 2021 and operates a decentralized exchange (DEX). Last year, it raised $6 million in a seed round with backing from major investors such as Blocktower and Circle Ventures.
Ambient Finance DNS Attack: How Badly Was the Exchange Affected?
The attack began when hackers breached Ambient Finance’s DNS, redirecting users to malicious links to steal their assets.
The team quickly responded by alerting users on social media platform X, urging them not to interact with the site, connect their wallets, or sign any transactions.
The team tweeted on X:
“The Ambient Finance website domain has been hijacked and compromised. The issue is isolated to the frontend website; contracts and funds are safe.”
They clarified that users should wait for further updates before returning to the platform.
DNS attacks like this target a platform’s domain registrar credentials, giving hackers control over the website interface.
This type of attack typically focuses on the platform’s front end, while the backend smart contracts, the heart of decentralized systems, remain unaffected.
In Ambient Finance’s case, the team quickly reassured users that while the website had been compromised, the integrity of their smart contracts and on-chain infrastructure was not jeopardized.
Two hours after the attack was first reported, Ambient Finance updated users, confirming they had recovered the domain.
However, due to DNS propagation delays, the team recommended that users only interact with the site once the domain updates were fully completed.
The malware used in the attack, identified as Inferno Drainer, is notorious for its ability to steal digital assets.
Cybersecurity firm Blockaid analyzed the attack and revealed that the server used to orchestrate the hack was set up just 24 hours before the breach occurred.
Despite the attack’s speed, Ambient Finance regained control of its domain relatively quickly.
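An added example (not from Ambient Finance or the original article) of the check behind the advice to wait for DNS propagation: compare what several recursive resolvers return against a pinned known-good record set, and report which resolvers still serve unexpected records and how long their caches can hold them. The resolver names, record values and TTLs are constructed.

```python
from dataclasses import dataclass

# Known-good records pinned before any incident (constructed values;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges).
BASELINE = {"NS": {"ns1.registrar.example.", "ns2.registrar.example."},
            "A": {"192.0.2.10"}}

@dataclass
class Answer:
    resolver: str      # which recursive resolver was asked
    rtype: str         # "NS" or "A"
    values: frozenset  # record data returned
    ttl: int           # remaining cache lifetime in seconds

def assess(answers, baseline=BASELINE):
    """Return (stale, wait): resolvers still serving records outside the
    baseline, and the longest remaining TTL among those answers."""
    stale, wait = {}, 0
    for a in answers:
        unexpected = set(a.values) - baseline[a.rtype]
        if unexpected:
            stale.setdefault(a.resolver, []).append(
                (a.rtype, sorted(unexpected), a.ttl))
            wait = max(wait, a.ttl)
    return stale, wait

def safe_to_use(answers, baseline=BASELINE):
    """True only when every sampled resolver agrees with the baseline."""
    stale, _ = assess(answers, baseline)
    return not stale

# Constructed observations taken shortly after the domain was recovered.
SAMPLE = [
    Answer("resolver-a", "NS", frozenset(BASELINE["NS"]), 3600),
    Answer("resolver-a", "A", frozenset({"192.0.2.10"}), 300),
    Answer("resolver-b", "NS", frozenset({"ns1.attacker.example."}), 41200),
    Answer("resolver-b", "A", frozenset({"198.51.100.66"}), 120),
]

if __name__ == "__main__":
    stale, wait = assess(SAMPLE)
    for resolver, findings in stale.items():
        for rtype, values, ttl in findings:
            print(f"{resolver}: {rtype} {values} not in baseline, cached {ttl}s more")
    print("safe to use:", safe_to_use(SAMPLE), "| longest stale TTL:", wait, "s")
```

A stale NS entry matters more than a stale A record: until it expires, that resolver keeps fetching fresh answers from the unexpected nameserver.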
Growing Threat of Cyber Attacks in DeFi
DNS-based attacks have become more prevalent in recent months, and other prominent DeFi platforms like Ethena Labs have also experienced similar breaches just this year.
These attacks typically exploit vulnerabilities in a platform’s web infrastructure, particularly its domain registration, and aim to trick users into revealing sensitive information or signing malicious transactions.
In Ambient Finance’s case, the quick recovery of its domain likely prevented more extensive damage.
While smart contracts and on-chain infrastructure often remain secure, front-end vulnerabilities like DNS attacks can still pose significant user risks.
In September, the automated market maker Balancer suffered a front-end exploit following a social engineering attack, and several other platforms have been similarly compromised in recent months.
According to a recent report by Immunefi, crypto hacks and scams in the third quarter of 2024 amounted to $413 million in losses, a significant decline from the $686 million lost during the same period in 2023.
The report shows that while the overall number of attacks may have decreased, the threat to DeFi platforms remains substantial.
In the most recent attack in the DeFi space, Radiant Capital, a Binance-backed cross-chain lending protocol, was hacked on Wednesday, October 17, resulting in over $50 million in stolen assets.