Ethena Labs Domain Registrar Account Compromise

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 16:33, 24 October 2024 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ethenalabsdomainregistraraccountcompromise.php}} {{Unattributed Sources}} thumb|Ethena Finance Logo/HomepageEthena offers a synthetic stablecoin which claims to be the first fully-backed, onchain, scalable, and censorship-resistant form of money. Shortly after announcing an airdrop for season 2, which was to be conducted throught their website, hackers decided...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Ethena Finance Logo/Homepage

Ethena offers a synthetic stablecoin which claims to be the first fully-backed, onchain, scalable, and censorship-resistant form of money. Shortly after announcing an airdrop for season 2, which was to be conducted throught their website, hackers decided to offer an airdrop of their own, through the same website. After hijacking the domain registrar account, they directed it to a nearly identical website. Multiple users connected and had their wallets emptied. The Ethena Labs domain was ultimately restored, and they apparently even kept the same domain registrar. There has been no word located on any assistance for users who were affected.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66][67][68][69][70][71][72][73][74][75][76][77][78][79][80][81][82][83][84][85][86][87][88][89][90][91][92][93][94][95][96][97][98][99][100][101][102][103][104][105][106][107][108][109][110]

About Ethena Finance

"ENABLING INTERNET MONEY_ Synthetic Dollar and Internet Native Yield"

"Ethena enables the creation and redemption of a delta-neutral synthetic dollar, USDe, crypto's first fully-backed, onchain, scalable, and censorship-resistant form of money.

The mechanism backing USDe enables the first "Internet Bond" offering a crypto-native, value-accruing, dollar-denominated instrument, derived from staked asset returns (to the extent utilized in backing) and the funding and basis spread available in perpetual and futures markets."

"USDe derives its relative peg stability from executing automated and programmatic delta-neutral hedges with respect to the underlying backing assets.

Hedging the price change risk of the backing asset in the same size minimizes fluctuations in the backing asset price as the change in value of the collateral asset is generally offset by the change in value of the hedge.

This enables the synthetic USD value of the collateral to remain relatively stable in most market conditions."

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Ethena Labs Domain Registrar Account Compromise
Date Event Description
September 18th, 2024 10:29:00 AM MDT Suspected Phishing Report The domain of Ethena Labs shows that is has been reported for suspected phishing, according to meta_danm.
September 18th, 2024 10:33:00 AM MDT PocketUniverse Warning Tweet PocketUniverse reports the detection of a "frontend hack" on the Ethena labs official website, referencing a transaciton which allows the wallet to be fully drained.
September 18th, 2024 10:38:00 AM MDT User Reports Getting Hacked User @meta_danm reports getting hacked through Ethena's website, with a screenshot of some blockchain transactions.
September 18th, 2024 10:59:00 AM MDT BlockAid Tweet Blockaid announces the detection of a potential front-end vulnearbility on the Ethena Labs website.
September 18th, 2024 11:00:00 AM MDT Ethena Labs Announcement Ethena Labs posts a public announcement about the account compromise. They also simultaneously are apparently seeking a security expert to join their team.
September 18th, 2024 11:57:00 AM MDT Allegations This Is A Repeat Twitter user GambleDadby claims that Ethena Labs did the same thing a week earlier but didn't even notify people that the website was down. He provides some evidence publicly. Most responses are from scam recovery services.
September 18th, 2024 1:19:00 PM MDT Domain Control Regain Announced Ethana Labs posts an update that they've "worked with the registrar to regain control of our domain and had the phishing domains blocked across various services to protect our users".
September 20th, 2024 12:28:00 AM MDT Investigation Conclusion Tweet Ethena Labs posts a conclusion to their investigation where they are working with their registrar and confirm that the domain name is safe. They remind users to be vigilant against phishing attacks.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"Ethena Labs posted on X platform that their Ethena domain registrar account was recently compromised. They have taken measures to disable the website until further notice."

"The Ethena domain registrar account was recently compromised and we have taken steps to deactivate the site until further notice.

The protocol is unaffected and funds are safe.

Please do not interact with any site or application purporting to be the Ethena frontend."

Ultimate Outcome

"We've worked with the registrar to regain control of our domain and had the phishing domains blocked across various services to protect our users.

To reiterate, the protocol is not affected and funds are secure.

ethena[.]fi remains the only official domain and we will reinstate the frontend site once we have fully investigated over the next few hours."

"Concluding our investigation:

We have worked closely with our registrar and have secured the http://ethena.fi domain.

No Ethena systems were compromised and the Ethena frontend has been restored. The protocol was not impacted and we are resuming normal operations.

Remember scammers are always chasing you—whether its fake phishing sites or taking over legitimate websites.

Please slow down and always check everything twice before interacting."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. @ethena_labs Twitter (Accessed Oct 23, 2024)
  2. Ethena (Accessed Jul 17, 2024)
  3. @ethena_labs Twitter (Accessed Oct 23, 2024)
  4. @ethena_labs Twitter (Accessed Oct 23, 2024)
  5. @jobsincrypto Twitter (Accessed Oct 23, 2024)
  6. @meta_danm Twitter (Accessed Oct 23, 2024)
  7. @meta_danm Twitter (Accessed Oct 23, 2024)
  8. @meta_danm Twitter (Accessed Oct 23, 2024)
  9. @incrypted Twitter (Accessed Oct 23, 2024)
  10. @OAK_Res Twitter (Accessed Oct 23, 2024)
  11. @GambleDadby Twitter (Accessed Oct 23, 2024)
  12. @blockaid_ Twitter (Accessed Oct 23, 2024)
  13. @PocketUniverseZ Twitter (Accessed Oct 23, 2024)
  14. @hashvalue Twitter (Accessed Oct 23, 2024)
  15. @Cryptonewsterm Twitter (Accessed Oct 23, 2024)
  16. @BlockInsider_ Twitter (Accessed Oct 23, 2024)
  17. @LorettaHam37934 Twitter (Accessed Oct 23, 2024)
  18. @NiktoWeb Twitter (Accessed Oct 23, 2024)
  19. @coinlivespace Twitter (Accessed Oct 23, 2024)
  20. @Echoeweb Twitter (Accessed Oct 23, 2024)
  21. @willethbtc Twitter (Accessed Oct 23, 2024)
  22. @ColemanGar30649 Twitter (Accessed Oct 23, 2024)
  23. @Cryptonewsterm Twitter (Accessed Oct 23, 2024)
  24. @crypto__mak Twitter (Accessed Oct 23, 2024)
  25. @btc_pulse_ Twitter (Accessed Oct 23, 2024)
  26. @NoneAgeOfficial Twitter (Accessed Oct 23, 2024)
  27. @procent_crypto Twitter (Accessed Oct 23, 2024)
  28. @coinscreed Twitter (Accessed Oct 23, 2024)
  29. @Canbartu_eth Twitter (Accessed Oct 23, 2024)
  30. @crypto__mak Twitter (Accessed Oct 23, 2024)
  31. @cripto_t Twitter (Accessed Oct 23, 2024)
  32. @encoinotagcom Twitter (Accessed Oct 23, 2024)
  33. @CoinnessGL Twitter (Accessed Oct 23, 2024)
  34. @CoinnessGL Twitter (Accessed Oct 23, 2024)
  35. @CryptoHeadio Twitter (Accessed Oct 23, 2024)
  36. @heitravel Twitter (Accessed Oct 23, 2024)
  37. @ToriKeller36413 Twitter (Accessed Oct 23, 2024)
  38. @Bradicoin10 Twitter (Accessed Oct 23, 2024)
  39. @lunaray_co Twitter (Accessed Oct 23, 2024)
  40. @0xedeon Twitter (Accessed Oct 23, 2024)
  41. @BushOrangutan Twitter (Accessed Oct 23, 2024)
  42. @JasonDotX Twitter (Accessed Oct 23, 2024)
  43. @kifakrec Twitter (Accessed Oct 23, 2024)
  44. @RespectTRNews Twitter (Accessed Oct 23, 2024)
  45. @Altcoin_Alerts Twitter (Accessed Oct 23, 2024)
  46. @CoinNewsify Twitter (Accessed Oct 23, 2024)
  47. @KryptoKaadhal Twitter (Accessed Oct 23, 2024)
  48. @CryptoChrisG Twitter (Accessed Oct 23, 2024)
  49. @LukasShmutz Twitter (Accessed Oct 23, 2024)
  50. @panthera_news Twitter (Accessed Oct 23, 2024)
  51. @xMichaellMoore Twitter (Accessed Oct 23, 2024)
  52. @0xedeon Twitter (Accessed Oct 23, 2024)
  53. @kriptemoji Twitter (Accessed Oct 23, 2024)
  54. @LighthouseOne_ Twitter (Accessed Oct 23, 2024)
  55. @imcoinx Twitter (Accessed Oct 23, 2024)
  56. @johnmorganFL Twitter (Accessed Oct 23, 2024)
  57. @JaguarDigi16 Twitter (Accessed Oct 23, 2024)
  58. @Antamonides Twitter (Accessed Oct 23, 2024)
  59. @JacquelineZ77 Twitter (Accessed Oct 23, 2024)
  60. @iNewsBTC Twitter (Accessed Oct 23, 2024)
  61. @AdikaMugeni Twitter (Accessed Oct 23, 2024)
  62. @hexad_army Twitter (Accessed Oct 23, 2024)
  63. @AntonProfiT Twitter (Accessed Oct 23, 2024)
  64. @tryPluid Twitter (Accessed Oct 23, 2024)
  65. @luck661 Twitter (Accessed Oct 23, 2024)
  66. @bitnoticias_ Twitter (Accessed Oct 23, 2024)
  67. @_TOBTC Twitter (Accessed Oct 23, 2024)
  68. @InvezzPortal Twitter (Accessed Oct 23, 2024)
  69. @NorqueNoq Twitter (Accessed Oct 23, 2024)
  70. @ForkLog Twitter (Accessed Oct 23, 2024)
  71. @kmets_ Twitter (Accessed Oct 23, 2024)
  72. @FlashDeutsch Twitter (Accessed Oct 23, 2024)
  73. @blowfishxyz Twitter (Accessed Oct 23, 2024)
  74. @joinsecret3 Twitter (Accessed Oct 23, 2024)
  75. @Telo_Official Twitter (Accessed Oct 23, 2024)
  76. @cry_pto_news Twitter (Accessed Oct 23, 2024)
  77. @criptofacil Twitter (Accessed Oct 23, 2024)
  78. @cry_pto_news Twitter (Accessed Oct 23, 2024)
  79. @tapchibtc_io Twitter (Accessed Oct 23, 2024)
  80. @oshimaru_more Twitter (Accessed Oct 23, 2024)
  81. @LaCryptoMonnai1 Twitter (Accessed Oct 23, 2024)
  82. @0xairdropfarmer Twitter (Accessed Oct 23, 2024)
  83. @LaCryptoMonnai1 Twitter (Accessed Oct 23, 2024)
  84. @3dns_inc Twitter (Accessed Oct 23, 2024)
  85. @4cmediaco Twitter (Accessed Oct 23, 2024)
  86. @TheBlock__ Twitter (Accessed Oct 23, 2024)
  87. @0xphatbear Twitter (Accessed Oct 23, 2024)
  88. @Olympix_ai Twitter (Accessed Oct 23, 2024)
  89. @CoinmatomeNews Twitter (Accessed Oct 23, 2024)
  90. @CryptoAI_Digest Twitter (Accessed Oct 23, 2024)
  91. @LaCryptoMonnai1 Twitter (Accessed Oct 23, 2024)
  92. @ICODrops Twitter (Accessed Oct 23, 2024)
  93. @LaCryptoMonnai1 Twitter (Accessed Oct 23, 2024)
  94. @woshiguaizi Twitter (Accessed Oct 23, 2024)
  95. @AirdropDuyuru Twitter (Accessed Oct 23, 2024)
  96. @bitbank_markets Twitter (Accessed Oct 23, 2024)
  97. @wagmiglobal_ Twitter (Accessed Oct 23, 2024)
  98. @Crypto_Potato Twitter (Accessed Oct 23, 2024)
  99. @ZStewardZ Twitter (Accessed Oct 23, 2024)
  100. @BanklessHQ Twitter (Accessed Oct 23, 2024)
  101. @pandaly520 Twitter (Accessed Oct 23, 2024)
  102. @AntCaveClub Twitter (Accessed Oct 23, 2024)
  103. @Cointelegraph Twitter (Accessed Oct 23, 2024)
  104. @AltWonderland Twitter (Accessed Oct 23, 2024)
  105. @cryptohuntz Twitter (Accessed Oct 23, 2024)
  106. @brucelolzz Twitter (Accessed Oct 23, 2024)
  107. @Altcoin_Alerts Twitter (Accessed Oct 23, 2024)
  108. @MetisCharter Twitter (Accessed Oct 23, 2024)
  109. @cryptolfggo Twitter (Accessed Oct 23, 2024)
  110. @Crypto_TomP Twitter (Accessed Oct 23, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Ethena_Labs_Domain_Registrar_Account_Compromise&oldid=6253"