The Celer Network has warned its users to revoke contract approvals to their bridge, since they have suffered an exploit. So far, they estimate that $240k in ETH has been stolen.
Another bridge hack?
Bridge hacks have consistently been amongst some of the largest hacks in 2022. The complexity involved in building bridges is high, and in most cases they are not optimised for security.
The Ronin bridge, Poly Network bridge and Wormhole hacks are the three largest hacks in all of DeFi history ($624m, $611m and $326m respectively).
These hacks have been significant, because when a bridge is vulnerable it doesn’t only call into question the safety of bridges, but also the safety of the blockchains that depend on them.
For example, when the Solana Wormhole bridge was hacked, it could have been disastrous for the Solana ecosystem, since it meant that all of the ETH on the Solana blockchain (that had been wrapped) was suddenly no longer backed.
This is also one of the largest risks for the Polygon blockchain: their bridge depends on a multisig that, if compromised, could be disastrous. Even if the MATIC remained untouched, the ecosystem would suffer if all WBTC and WETH on Polygon were no longer backed by anything.
However, in this case, Celer Network did not suffer an exploit on their bridge itself. Rather, they suffered an attack on their front end, which meant that anyone using it was interacting with malicious smart contracts.
These contracts are related to a potential UI hijack to redirect users to interact with the above addresses and drain tokens balances. The cBridge frontend UI is currently offline to be safe and we are doing further investigation.
— CelerNetwork (@CelerNetwork) August 17, 2022
How common are these attacks?
These attacks are very common, and growing more common all the time. Unlike complex interoperability hacks such as that which crippled the Poly Network, front end hacks are quite simple.
Front-end attacks are essentially just slightly more sophisticated phishing attacks, but the stakes are that you automatically lose all the money in your wallet if you sign the wrong transaction.
Of course, it isn’t always easy to tell how much is lost in these attacks, given that the addresses to which drained funds are sent can be changed during the hack, and it therefore isn’t always clear how many people have been exposed.
For example, one of DeFi’s most active users according to his Degen Score lost 500k USDC today in such an exploit, after signing a malicious contract.
Do you know a simple signature in Metamask can drain your wallet?
A very experienced user (top 10 by Degen Score) lost almost 500k USDC in an exploit today.
You could be next…
A short thread how it happened and how you can avoid such exploits in future.
— korpi (@korpi87) August 19, 2022
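The approval risk described above can be checked before signing. The following is an added example, not code from the article, from Celer or from any wallet: it decodes a transaction's calldata and flags token approvals granted to a spender the user has not verified. The function names, the trusted-spender list and the sample addresses are assumptions made for illustration; the selectors are the standard ones for these ERC-20 and ERC-721 functions.

```javascript
// Added example: review a transaction's calldata before it is signed.
// Selectors are the first 4 bytes of keccak256(function signature).
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns { name, spender, value } for an approval-type call, else null.
function decodeApproval(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const name = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!name) return null;
  const args = hex.slice(8);
  if (args.length < 128 || /[^0-9a-f]/.test(args)) {
    throw new Error("malformed approval calldata");
  }
  // Two 32-byte ABI words: the address is the low 20 bytes of the first.
  return {
    name,
    spender: "0x" + args.slice(24, 64),
    value: BigInt("0x" + args.slice(64, 128)),
  };
}

// trustedSpenders: Set of lowercase addresses verified out of band (assumption).
function reviewTransaction(tx, trustedSpenders) {
  const call = decodeApproval(tx.data);
  if (!call) return { verdict: "not-an-approval", findings: [] };
  // A zero value grants nothing; approve(spender, 0) is how an allowance is revoked.
  if (call.value === 0n) return { verdict: "no-grant", findings: [] };
  const findings = [];
  if (call.name.startsWith("setApprovalForAll")) {
    findings.push("operator gains control of every token in the collection");
  } else if (call.value === MAX_UINT256) {
    findings.push("unlimited allowance");
  }
  const trusted = trustedSpenders.has(call.spender);
  if (!trusted) findings.push("spender " + call.spender + " is not on the trusted list");
  return { verdict: !trusted ? "block" : findings.length ? "warn" : "ok", findings };
}

// Constructed sample data; the addresses are placeholders, not from the incident.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const KNOWN = "0x00000000000000000000000000000000000000aa";
const UNKNOWN = "0x00000000000000000000000000000000000000bb";
const approveData = (spender, value) =>
  "0x095ea7b3" + word(spender) + word(value.toString(16));
```

This covers on-chain approval calls only; off-chain signed messages are not transactions and need separate handling.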
Curve.Fi suffers a similar issue
Earlier this month, a very similar thing happened to Curve.Fi, one of the most important projects in the entire space of DeFi.
Curve is so important because it is the main dApp for generating yield without impermanent loss. The growing importance of yield for the Ethereum and DeFi ecosystem has positioned Curve at the centre of the “Curve Wars”, and it has now accumulated $6bn in TVL.
In the case of Curve, $500k was stolen before the issue was quickly rectified. It could have been a lot worse given how much is traded on the Curve platform each day, but fortunately it was another lucky escape for unwitting DeFi users.
CELR lists on Coinbase
However, the news isn’t entirely negative for CELR, as they responded to the issue very quickly and managed to save a lot of user funds. They chose to freeze the front end to prevent further losses and committed to reimbursing all users who lost funds due to the DNS attack.
Moreover, they have since relaunched their front end after patching the problem and have made sure to add additional monitoring as a preventative measure to ensure that nothing problematic happens again.
All of this comes with the news that CELR was just listed on Coinbase.
For many, exchange listings are moments of anticipation when speculation over price is at its most rife. Nevertheless, it seems that in the case of Coinbase particularly, listings can foreshadow doom in token price.
After all, Coinbase’s own listing when they launched their IPO signalled the top of the market in 2021.
Luckily, the efficient and swift way the Celer Network team handled this issue shows the project’s strength and can actually be a positive aspect for its future, since they have now been tested and done well.