On October 6, the Web3 community platform Galxe suffered a DNS hijacking incident, which sent shockwaves through the digital asset ecosystem. The malevolent act saw the platform’s official website temporarily commandeered by nefarious actors, who diverted unsuspecting users to a phishing site with sinister intentions of pilfering funds​.  The platform’s team promptly cautioned users against accessing the site to avoid falling victim to this scam.

At 14:44 UTC, the Galxe platform realized its official website was offline. Upon further scrutiny, the team discerned a grave security breach affecting its Domain Name System (DNS) record. They swiftly acknowledged the breach and cautioned users against visiting the domain until they rectified the situation. About 40 minutes later, they confirmed the unfortunate incident to their community​.

The fallout from the DNS hijack was immediate and financially draining. Crypto sleuths such as ZachXBT quickly identified that an address linked to the hacker was accumulating funds from Galxe users. 

At 17:15 UTC, the ill-gotten gains hovered around the $160,000 mark, revealing the enormity of the crisis at hand. Moreover, evidence surfaced linking this malicious activity to a similar DNS hijack on the Balancer decentralized exchange on September 20, hinting at a pattern of targeted DNS attacks within the crypto community.

The gravity of the situation exacerbated as the website came back online, with some users still reporting unauthorized fund transfers. The hacker seemingly exploited a smart contract across various networks, including Ethereum, Optimism, and Arbitrum, among others, exhibiting a high level of sophistication and understanding of the crypto space​.

The Galxe incident is part of a worrying trend, as Web3 projects have been increasingly targeted by hackers. A report from security platform Immunefi highlighted a dramatic rise in attacks on these projects, with losses amounting to approximately $686 million in Q3 2023 alone.

Community reactions

Post-incident, Galxe’s spokesperson relayed a message to the public, assuring them that steps were being undertaken to bring the website back online safely. The spokesman stated that around 9 a.m. PST on October 6, domain ownership of the site had been reclaimed, and security measures were enhanced with the assistance of domain registrar service Dynadot. Additionally, the spokesperson said that the team liaised with law enforcement authorities to investigate the matter further and prevent such occurrences in the future. 

It is important to know that despite the update from Galxe, some users expressed dissatisfaction.  One user claimed that their wallet got hacked despite the announcement that the site has fully recovered. 

Galxe is a platform built on web3 technology that enables developers to utilize digital credential data and NFTs (non-fungible tokens) to incentivize users for their involvement in a range of crypto-related activities. Participating users can earn customized rewards from projects and developers by attending community events, engaging in governance tasks, or completing incentivized activities.