The official website of the web3 credentials and rewards platform Galxe was compromised due to a DNS hijack attack on its front-end website, the team confirmed.
The team notified users of the incident, advising them not to use the site. During the attack, hackers executed a DNS exploit to take control of Galxe's official website link and redirected users to a phishing site associated with a malicious contract aiming to steal user funds.
Galxe stated the compromise targeted its account with the domain name registrar, Dynadot.
"We’ve detected a security breach affecting the DNS record for 'galxe.com' through our Dynadot account. Please refrain from visiting the site from all channels while we are resolving the issue," the team said.
The incident has resulted in user losses
The incident appears to have resulted in a loss of funds, with crypto sleuth ZachXBT noting that an address linked to the hacker has received funds from Galxe users.
Galxe is a web3 platform that allows developers to leverage digital credential data and NFTs to reward users for their participation in various crypto activities. Users receive custom reward programs from projects and developers for attending community events, participating in governance tasks, or completing incentivized activities.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.