“Immune” to Front End Attack when using DeFi protocols
Lately, the crypto industry has continuously recorded cases of Front End Attacks targeting DeFi/NFT protocols. So what is this attack method, and how can you prevent it?
What is a Front End Attack?
For example, when you access PancakeSwap, everything still looks normal, but when you start swapping your WBNB, a request appears to approve the WBNB, even though you have swapped WBNB many times before. You check everything: the link is correct and the interface is familiar, so you think it's probably nothing serious and approve the transaction for WBNB, and boom... your entire amount of WBNB is suddenly transferred even though you didn't do anything else. This is exactly what happens to victims of a Front End Attack, also known as a “DNS attack” in the cryptocurrency market. Once a hacker temporarily gains control of a domain name, the hacker can replace the protocol's smart contracts with smart contracts capable of withdrawing funds from wallets that interact with them, hidden under an interface completely identical to that of the original protocol.
Front End Attacks are not uncommon, and the largest protocols in the cryptocurrency market are also inevitably targeted by these attacks:
- August 18, 2022: Celer Network suffers from DNS attack, estimated damage of USD 240,000
- August 10, 2022: Curve Finance has a DNS attack, estimated damage of USD 570,000
- July 17, 2022: Balancer is the next DEX to be attacked by phishing
- July 12, 2022: CZ Binance claims Uniswap was “hacked”, but it turned out to be a “false alarm”
- June 24, 2022: Convex Finance suffers from DNS attack
- March 16, 2021: Cream Finance and PancakeSwap suffer from DNS attacks
As you can see, these are very popular and "reputable" protocols for DeFi users in general, so anyone can become a victim of Front End attacks like this. I'm quite fortunate that I haven't been hacked, because these attacks happen very quickly, lasting on average only a few hours before someone notices something unusual. But what if you are unfortunately one of the first to interact with the malicious smart contracts of this type of attack?
Don't worry too much: with the following tips and a little more attention when using protocols, you can protect yourself from these attacks.
Immune Guide to Front End Attacks
Swap tokens on PancakeSwap
Let's take an example: you want to swap BNB to BUSD on PancakeSwap.
You visit the website of PancakeSwap, connect the MetaMask wallet and are ready to make transactions on BNB Chain.
Then press Swap and MetaMask pops up asking to confirm the transaction.
Here you can see that the smart contract of PancakeSwap Router V2 is 0x10ED43C718714eb63d5aA57B78B54704E256024E. So, before making any transaction on PancakeSwap, check that the smart contract address you are about to interact with is the correct one.
How do you know if a smart contract address is the standard one?
Very simply, you can go to bscscan.com to check the smart contract address.
Alternatively, you can double-check by reading the protocol documentation. Also check whether the transactions with that smart contract address look unusual.
However, having to remember contract addresses is also a big problem if you use multiple protocols. For this case, MetaMask has a little-known feature: naming contract addresses, just as you would name your personal wallet addresses. To use this feature, simply click on the contract address above and give it a name.
And that's it. Your transaction confirmation will now show the name you assigned to that address instead of a string of hard-to-remember characters.
If PancakeSwap suffers a Front End attack, then when you interact with PancakeSwap's swap smart contract and don't see the name you have set, wait: stop for about 2 seconds and check again.
One of the habits that I always keep when using cryptocurrencies is to double-check any wallet address before taking action. Smart contract addresses are no exception.
You should edit the names of all the contracts of the protocols with which you interact frequently. These protocols also contain many other smart contracts, such as swap, staking, governance…, so you should name all of these contracts too, to make sure you only interact with official contracts and don't fall victim to a Front End Attack.
Once you've named everything in your wallet, you'll almost eliminate the risk of a Front End Attack. Also, remember to always double check what you are about to do before confirming a transaction on MetaMask.
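The same address-book check can be scripted. The JavaScript below is an added example, not code from PancakeSwap or MetaMask: it looks up every address a pending transaction hands control to, including the spender encoded in the calldata of an ERC-20 approve call. The router address is the one quoted above; the token address, the unknown spender and the sample transactions are constructed placeholders.

```javascript
// Added example: not code from PancakeSwap or MetaMask.
const APPROVE_SELECTOR = "0x095ea7b3"; // ERC-20 approve(address spender, uint256 amount)
const ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E"; // from the article
const TOKEN = "0x1111111111111111111111111111111111111111"; // constructed placeholder
const UNKNOWN = "0x2222222222222222222222222222222222222222"; // constructed placeholder

// Personal address book: the scripted equivalent of naming contracts in MetaMask.
const ADDRESS_BOOK = new Map([
  [ROUTER.toLowerCase(), "PancakeSwap Router V2"],
  [TOKEN.toLowerCase(), "WBNB token (placeholder address)"],
]);

const nameOf = (address) => ADDRESS_BOOK.get(address.toLowerCase()) ?? null;

// Build approve() calldata for the constructed samples: selector + spender + amount.
const approveData = (spender) =>
  APPROVE_SELECTOR + spender.slice(2).toLowerCase().padStart(64, "0") + "f".repeat(64);

// List every address the transaction hands control to and look each one up.
function reviewTransaction(tx) {
  const data = (tx.data || "0x").toLowerCase();
  const parties = [{ role: "to", address: tx.to }];
  if (data.startsWith(APPROVE_SELECTOR)) {
    if (data.length < 10 + 128) throw new Error("truncated approve calldata");
    // The spender is the first 32-byte argument; its last 20 bytes are the address.
    parties.push({ role: "spender", address: "0x" + data.slice(10 + 24, 10 + 64) });
  }
  const checked = parties.map((p) => ({ ...p, name: nameOf(p.address) }));
  return { ok: checked.every((p) => p.name !== null), parties: checked };
}

// Constructed sample transactions.
const SAMPLES = {
  swap: { to: ROUTER, data: "0xabcdef01" }, // constructed calldata
  goodApprove: { to: TOKEN, data: approveData(ROUTER) },
  badApprove: { to: TOKEN, data: approveData(UNKNOWN) }, // familiar token, unnamed spender
};

for (const [label, tx] of Object.entries(SAMPLES)) {
  const { ok, parties } = reviewTransaction(tx);
  const shown = parties.map((p) => `${p.role}=${p.name ?? "UNNAMED " + p.address}`);
  console.log(`${label}: ${ok ? "ok" : "STOP"} (${shown.join(", ")})`);
}
```

In an approve request the `to` address is the familiar token contract, so the spender is the address that has to carry a name you assigned.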
Aug 30, 2022