According to CryptoPotato, millions of digital assets have been stolen by cyber adversaries through DNS hijacking attacks for phishing purposes, targeting users’ wallet seed phrases, or creating deceptive webpages that closely resemble legitimate sites. Domain Name System (DNS) attacks play a crucial role in the internet’s infrastructure, providing insights into security incidents in Web 2 that have directly affected the Web3 industry. A recent report by CertiK suggests that transitioning to decentralized frontends could be a practical way to tackle these challenges.
DNS hijacking is an attack that targets a core component of Internet infrastructure. It has the potential to render a public DNS service inaccessible in certain scenarios, or it can be employed to reroute users to malicious websites, in other cases. Users inadvertently access these deceitful sites via the compromised servers, exposing themselves to potential phishing attacks and the downloading of malware that can compromise their devices. CreamFinance and PancakeSwap reported DNS hijacking attacks in 2021, and several other DeFi protocols experienced frontend breaches as a result of DNS hijack attacks.
CertiK emphasized the need for adopting the combination of IPFS and ENS, which demonstrates the potential of decentralized and DLT-based solutions in reducing DNS hijacking attacks. These systems prioritize content authenticity, minimize points of failure, and substantially lower the vulnerabilities associated with centralized control and authority. The move towards decentralized infrastructure, along with continuous strengthening of both human and technological defenses, has become essential for the future security of Web3 projects and their users.