On Tuesday the blockchain platform Waves was the victim of a DNS hijacking attack for a few hours.
Around noon, the official Twitter account of Waves published a warning requesting all the users not to access their accounts with the seed phrase until further notice. While the tweet was erased shortly after, many users were scared because of the lack of details.
The Twitter user of MyCypto documented with screenshots the tweet deleted by Waves and several of the answers given by the company.
wavesplatform has finally somewhat addressed the issue. Still no /clear/ communication on if any funds have been lost or what users should be doing.
The Domain Name System (DNS) is responsible for recording the relationship between the IP address of a website and the names of the domain. DNS hijacking happens when a hacker manages to modify how the DNS interprets IP addresses. This can clearly lead to phishing attacks.
If a hacker creates a web page exactly the same as the original one, it could redirect the users to the false web page. The unwary users reveal their data and information without realizing that it is not on the desired website, thus enabling the hackers to steal their information and ultimately their funds.
On the Waves’ Telegram, the company confirmed rumors and asked the users to remain calm since the problem would be fixed soon. The company stressed that the funds were safe and that the access to the web would be restored soon.
Three hours after the initial tweet from the Waves the CEO of the company, Sasha Ivanov informed the users that the website was back to normal and that no financial damage was done. He added that this situation is proof that the current DNS needs a restructuring.
wavesplatform.com website is back online. We had an unpleasant accident with DNS hijacking, fortunately it was resolved fairly quickly. No financial damage to user wallets occurred. Another reminder that current cenralized DNS system needs a major overhaul, sad Ivanov in the tweet.
Recently other digital wallets have had similar attacks. In April the MyEtherWallet users reported that they were redirected to an unprotected website by using Google’s public DNS.
The developers acted quickly and managed to identify that some of the external servers were compromised. However, they asked the public to make sure that every time they log in the SSL certifies the authenticity of the website.