DeFi projects hit by fresh wave of front-end attacks

Following a quiet couple of weeks in terms of major crypto hacks, a recent uptick in front-end attacks has seen users themselves firmly in the crosshairs.

Two such attacks were detected today on platforms OpenEden and Curvance. Another attempt targeted users of Maple Finance last week. 

Front-end attacks rely on gaining access to, for example, a DeFi project’s website, and inserting malicious code which prompts users to unwittingly transfer their crypto assets to the attacker.

A wave of front-end attacks swept over the sector in 2024.

Read more: Compound Finance and Celer Network websites compromised in ‘front-end’ attacks

Early on Monday, Blockchain security firm Blockaid reported a front-end attack on real-world asset tokenization platform OpenEden.

The firm advised users to “refrain from signing transactions and avoid interactions with the dApp until the issue is resolved.”

Blockaid attributed the attack to the AngelFerno crypto wallet drainer.

OpenEden warned users not to interact with either openeden.com or portal.openeden.com “as it can cause you to lose your wallet’s assets.”

The post provides a link to the project’s proof of reserves, to reassure users that underlying assets are safe.

Double trouble

Just hours later, Ethereum Security Alliance member “pcaversaccio” warned of a domain compromise affecting lending platform Curvance’s website.

Read more: The DAO hacked again, but this time it’s the good guys

The tweet includes screenshots, one of which shows the domain having been updated earlier today with no DNSSEC signature. Another shows a malicious approvals transaction, also apparently generated by the AngelFerno drainer.

Curvance reassured users that “preventative measures were taken before any loss of funds occurred.” However, it recommends they “refrain from interacting with the front end until further notice.”

Last week, $2 billion “onchain asset manager” Maple Finance was hit with the same attack. The team updated users after regaining control, stating that “smart contracts and funds have remained safe and unaffected.“

Read more: Inside DeFi 004: ✨ DAO dramas reaching resolution?

Scam-as-a-service

Crypto wallet drainers, such as AngelFerno are so-called “scam-as-a-service” scripts which prompt malicious transactions depending on what’s in the connected victim’s wallet.

The scripts are distributed to phishing scammers and SIM swappers who find innovative ways to lure victims into engaging with the drainer.

Any proceeds from a successful drain are automatically split between scammer and drainer developer according to its code.

Drainer victims are often lured in by false airdrop promises, spoofed front ends, or fake security scares. However, it’s not just naive newbies who fall into the trap; even hackers themselves have been known to get stung.

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.