Galxe front-end compromised in possible ongoing attack
It has been suggested that the attacker could be the same person as the culprit behind last month’s Balancer attacks
Andrey_Popov/Shutterstock modified by Blockworks
The Domain Name System (DNS) of NFT infrastructure company Galxe has been compromised, with the attacker’s address currently holding $75,000 in digital assets.
In a post on X, Galxe noted that its website was down and the team is currently working on a resolution. The company also urged users not to connect their wallet addresses to Galxe in the meantime.
A separate post by Polkastarter, a Web3 fundraising platform, advised users to revoke permissions that had been given to Galxe.
“We suggest removing all other spending permissions as well to improve the safety of your funds,” the company said on X.
According to the pseudonymous on-chain investigator ZachXBT, the Galxe attacker could be the same entity as the attacker who drained approximately $238,000 from DeFi liquidity protocol Balancer last month.
Stolen funds have been directed to an Ethereum address, which, at the time of writing, holds almost $75,000. The attack appears to be ongoing, with the last token transfer taking place at 12:30 pm ET.
The hacker appears to be using the same smart contract to execute his hacks across the different networks, X user FIP Crypto wrote.
FIP Crypto also recommended that users should revoke the smart contract on the 10 different chains that Galxe is deployed on, including Ethereum, Optimism, Arbitrum, BNB Chain, Base, Polygon, Avalanche, Fantom, Celo and Cronos.
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: Unpacking crypto and the markets.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- 0xResearch: Alpha directly in your inbox.
- Lightspeed: All things Solana.
- The Drop: Apps, games, memes and more.
- Supply Shock: Bitcoin, bitcoin, bitcoin.
