According to CryptoPotato, Galxe, a Web3 credentials and rewards platform, has announced a refund of over $396,000 for more than 980 users affected by last week's DNS attack, along with an additional 10% compensation on the lost funds. The funds will be automatically returned to the wallet addresses from which they were taken unless alternative instructions are provided. The affected users will receive their refunds in Tether (USDT), scheduled to be processed on Oct. 16.
The attacker exploited a DNS hijack, redirecting visitors from Galxe's official website to a malicious phishing site, compromising user funds. In response, Galxe developed a comprehensive recovery plan, assuring users of compensation in USDT on the Polygon network, valued as of Oct. 9, 3 a.m. PT. The platform has also committed to supplementing an additional 10% to the initial loss amount from the project treasury as a goodwill gesture. Only users who authenticated transactions on the phishing site were affected during the attack, while all other aspects of the site remained uncompromised.
Charles Wayn, co-founder of the platform, stated that Galxe is collaborating with two security firms to trace the hacked funds. The platform has enhanced its domain name and service security settings, changed its domain provider, and initiated security audits. The incident was mainly caused by domain registrar Dynadot resetting their account information and granting permission to an impersonator who provided fake documentation claiming to be an authorized member of Galxe. The native token GAL experienced a drop from $1.20 to $1.15 on Friday, Oct. 6, and has since stabilized at $1.14, per CoinGecko.