{"id":66000,"date":"2022-08-18T16:59:17","date_gmt":"2022-08-18T13:59:17","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=66000"},"modified":"2025-09-06T23:03:53","modified_gmt":"2025-09-06T20:03:53","slug":"hackers-attack-celer-network-cross-chain-bridge","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-attack-celer-network-cross-chain-bridge\/","title":{"rendered":"Hackers attack Celer Network cross-chain bridge"},"content":{"rendered":"<p>Hackers compromised the DNS server of the Celer Network cross-chain bridge, cBridge. As a result, the external interface redirected some users to malicious smart contracts.<\/p>\n<blockquote class=\\\"twitter-tweet\\\" data-lang=\\\"en\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">\ud83d\udce2(1\/n)A DNS cache poisoning attack on cBridge\u2019s frontend UI appprox. during 08\/17 07:45pm to 10:00 pm UTC caused some users to be redirected to malicious smart contracts that can drain all approved token amount. FIRST, PLEASE check&#038;revoke any approval to the followings:<\/p>\n<p>\u2014 CelerNetwork (@CelerNetwork) <a href=\\\"https:\/\/twitter.com\/CelerNetwork\/status\/1560123830844411904?ref_src=twsrc%5Etfw\\\">August 18, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>The project team said they acted quickly, so only a small portion of users were affected. All will be fully compensated.<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cThe Celer protocol and smart contracts were not affected. The root DNS record was not compromised and was not altered,\u201d the developers said.<\/p>\n<\/blockquote>\n<p>According to them, the attack, similar to the recent Curve Finance incident, targeted third-party DNS providers outside the project&#8217;s control.<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cDNS compromise can occur with the frontend of any DeFi application regardless of the protocol&#8217;s own security. We strongly urge the entire blockchain community to enable Secure DNS in their browsers to reduce the risk,\u201d the developers wrote.<\/p>\n<\/blockquote>\n<p>They also urged users to verify smart-contract addresses and reject any suspicious ones.<\/p>\n<p>Earlier this year, hackers stole <a href=\"https:\/\/forklog.com\/en\/news\/hackers-stole-almost-2-billion-from-crypto-projects-in-the-first-half-of-2022\">assets worth $1.97 billion<\/a> from crypto projects.<\/p>\n<p>Follow ForkLog&#8217;s Bitcoin news on our <a href=\\\"https:\/\/telegram.me\/forklog\\\" target=\\\"_blank\\\" rel=\\\"nofollow noopener\\\">Telegram<\/a> \u2014 crypto news, prices and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers compromised the DNS server of the Celer Network cross-chain bridge, cBridge. As a result, the external interface redirected some users to malicious smart contracts.<\/p>\n","protected":false},"author":1,"featured_media":66001,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-66000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"17","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=66000"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66000\/revisions"}],"predecessor-version":[{"id":66002,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66000\/revisions\/66002"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/66001"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=66000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=66000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=66000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}