Attackers hacked multiple DeFi protocols, including QuickSwap, SpiritSwap, and Dextools, following a GoDaddy exploit late last week.
QuickSwap took to Twitter to inform its users that the platform had regained control of quickswap.exchange and that the phishing attacks had been halted. As a safety precaution, it advised users to use quickswap.exchange and beta.quickswap.exchange if they see the green dot.
Sources revealed that the attacker used a phishing attack in an attempt to steal funds. So far, however, it appears that the platforms lost only small amounts. Users who saw MetaMask popups requesting a connection to a malicious site informed the respective platforms.
CoinGecko and Etherscan were also exploited in a separate incident through a third-party service. CoinGecko highlighted that the attack was the result of a malicious advertising script served by Coinzilla, a crypto advertising network. Etherscan also revealed that a third-party integration was to blame. The platform tweeted that it had received reports of phishing popups via a third-party integration and was investigating. Etherscan urged users not to confirm any transactions that pop up on the portal.
As for SpiritSwap, the hacker modified the frontend to divert funds to a wallet under their own control. As a result, the attacker made off with $18,000. SpiritSwap tweeted that the hacker had created their own version of the platform’s site on the original domain, sending swaps to their wallet. SpiritSwap highlighted that it cannot access the domain to take the site down, but that there are no issues with the contracts and funds are safe. It advised users not to interact with the domain. SpiritSwap will update users with more information when it hears back from GoDaddy.
Meanwhile, there has been no news about the attackers, but experts described the attacks as “bold”.