May 2022 - HoneySwap GoDaddy DNS Compromise - $20k (Global)
"Honeyswap is a Decentralized Exchange" "Honeyswap is comprised of liquidity pool contracts deployed to multiple EVM compatible chains which share common frontend interfaces that are maintained by the 1Hive community. Currently Honeyswap supports xDai and Polygon, but plans to expand support to other EVM chains and rollups in the future.
Honeyswap uses a multi-token model to manage the balance between Global and Local incentives. Development, support, and maintainence work that has Global benefits are funded using Honey from 1Hive's common pool. Farming Rewards, where benefits are localized to a one supported chain use a Comb token which can be valued as a derivative of the volume on that specific chain.
Swap fees on Honeyswap are split 1/12 to Honey, 1/12 to the local Comb token for that chain, and 5/6 directly to the pool of liquidity providers facilitating the swap."
"Do not use Honeyswap to make transactions right now! Most probably a front-end error on our side is causing transactions to lead to a malicious address."
"Anyone that used honeyswap in the past 2 days please go to https://revoke.cash and make sure you have no approvals to an address you do not know. Specially look for ⚠️0xD3888a7E6D6A05c6b031F05DdAF3D3dCaB92FC5B"
"We are happy to let you know that we've recovered http://Honeyswap.org domain and you should be able to use it now VERY IMPORTANT- Clear you cache, check if you have this quote from Marcus Aurelius (as shown on image) and not pulling some older cached version."
"Honeyswap domain has been hijacked. We are currently working with domain provider if we can get ASAP access to domain and return everything on place from before. If you know someone who used Honeyswap in past 2 days notify them and do not trade on honeyswap."
"We will create proposal to reimburse those who lost funds due to this unfortunate event, total funds lost are less than 20K$ so it should not be a problem for @1HiveOrg to support this proposal on our @gardensdao governance platform."
Further Analysis
Decentralized exchange HoneySwap used and trusted GoDaddy for their domain name services. One day, an attacker managed to convince GoDaddy to modify the hostnames of the domain, directing the domain name to their own server, where they hosted a malicious replica of the HoneySwap website. Users who tried to interact with the HoneySwap website would be interacting with the malicious version, which routed their funds to the attacker's wallet. In total, the attacker was able to take $20,000 worth of funds before the domain could be fully rerouted back to the proper server. The HoneySwap team reported that they would be compensating all affected users.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
Luna Terra Algorithmic Stablecoin Crash > > < < Binance Tourist Billboards in Turkey
Sources/Further Reading
Post Mortem on This Weekends Dns Event (Dec 31)
@Honeyswap Twitter (Dec 31)
@Honeyswap Twitter (Dec 31)
@Honeyswap Twitter (Dec 31)
@Honeyswap Twitter (Dec 31)
Honeyswap - Decentralized Exchange (Dec 31)
Honeyswap | English | 1Hive (Dec 31)
Gnosis Transaction Hash (Txhash) Details | GnosisScan
(Dec 31)
Address 0xD3888a7E6D6A05c6b031F05DdAF3D3dCaB92FC5B | GnosisScan
(Dec 31)
@Mudit__Gupta Twitter (Dec 31)
BlockThreat - Week 19, 2022 - by Peter Kacherginsky (Dec 31)
GoDaddy’s Failure to Prevent Attacks – DeFi Projects Urge The Ecosystem to Abandon Centralised Hosting / Permaweb News (Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|