Posted on March 17, 2023 at 4:15 PM
Wale Guard reveals DDoS exploit that peaked at 600 million attacks per minute
Security extension Wallet Guard revealed a massive distributed denial-of-service (DDoS) attack on March 16. The company revealed that it was defending itself against a DDoS exploit and a bot campaign that started on March 13.
Wallet Guard defends itself against a DDoS exploit
DDoS campaigns have been on the rise. These campaigns target critical organizations to take them offline by bombarding them with high traffic. Wallet Guard has been the latest victim of a major DDoS attack.
In the recent alert, Wallet Guard noted that it was fully mitigated against this attack, indicating that it had employed the right measures to ensure its systems were not affected by the exploit. At its peak, the attack recorded more than 600 million attacks per minute.
The company published an update on this attack, saying that it was defending itself against a well-organized DDoS attack. It also noted that the attackers had targeted its social media platforms by botting its Twitter account.
The attack started on March 13, indicating that the company has been defending itself against a campaign lasting over four days. The company also noted that the attackers were reacting to the defense measures employed by Wallet Guard by changing their attack strategies. The attackers have since targeted JoinFire, another security extension.
Wallet Guard said its Twitter account was locked as a precautionary measure because of the bot attack on the platform. The company noted that it was awaiting a response from Twitter on the attack. Wallet Guard also said that the exploit was caused by some wallet drainers abusing Blur approvals.
In the post-mortem update, Wallet Guard said that the attack was motivated by the recent introduction of wallet drainers leveraging active Blur approvals to drain victims in a single transaction, which posed a significant threat to the wallet users.
“This attack is not just on us but all of end-user security; as soon as we mitigated the attackers, they switched over to attacking another security extension, JoinFire and began botting our Twitter account with followers to get it suspended to cut off communication to our users,” the company update said.
DDoS attacks are usually focused on disrupting the normal operations of the target network. In DDoS attacks, hackers usually deploy multiple systems to flood the targeted system’s bandwidth or resources and take it offline. The goal is to make the targeted system unavailable to the intended users.
DDoS attacks usually use several different IP addresses or machines. The attack appears to originate from thousands of hosts that are usually infected by malware, which wreaks havoc on the users of the affected network.
Crypto attacks have been on the rise
Attacks in the cryptocurrency sector have been persistent in recent years because of the sector’s growing popularity. Throughout 2022, several protocols in the cryptocurrency sector suffered hacking exploits, and it appears that more attacks will be launched in 2023.
A report published in December last year revealed a theft of $3.7 billion in attacks conducted in the digital asset industry. It appears that more exploits and thefts will happen this year despite the efforts being taken by these platforms to protect themselves and their users.
In January this year, a phishing attack targeting a user of a decentralized finance (DeFi) protocol resulted in a theft of $3.4 million. There have also been several notable hijacks of popular Twitter accounts where hackers are luring users into being the victims of scams in the cryptocurrency sector.
Towards the end of January this year, the social media accounts of Robinhood, one of the largest retail trading platforms, were targeted by a hacking attack. The Azuki non-fungible token (NFT) project also suffered a breach. There was also a significant attack on the official social media account of an Indian government official.
This year, community and digital asset companies have taken measures to fight against these attacks caused by hackers and scammers. Towards the end of February, the Oasis decentralized platform revealed that it had managed to attack the exploiter behind last year’s attack on the Wormhole protocol.
Some crypto community members have also come together to investigate blockchain activity and ensure that any possible exploits are identified and mitigated before they can cause major damage. The popularity of ZachXBT on Twitter and Coffeezilla on YouTube has increased because of their efforts to disclose hacks and scams in the crypto industry.
