Celer Network Shuts Down Multi-chain Bridge Over DNS Exploit

cBridge Suffers DNS Exploit

A suspected DNS exploit has forced blockchain interoperability platform, Celer Network, to temporarily shut down activity on its multi-chain bridge, cBridge.

Initial investigations by Celer Network show that some suspicious DNS activity on the cBridge began around 19:00pm UTC on August 17. The platform believes that the exploit is designed to lure users into interacting with some compromised smart contracts and drain users’ crypto assets in the process.

???We are seeing reports that reflects potential DNS hijacking of cbridge frontend. We are investigating at the moment and please do not use the frontend for bridging at the moment.

— CelerNetwork (@CelerNetwork) August 17, 2022

While the platform continues its investigations, it has shut down the cBridge frontend user interface as an interim measure to protect users.

In addition, Celer has alerted users to revoke any token approvals they gave to the following smart contracts:

• Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8
• BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF
• Polygon: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9
• Avalanche: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
• Arbitrum: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
• Astar: 0x9c8B72f0D43BA23B96B878F1c1F75EdC2Beec9F9
• Aurora: 0x9c8b72f0d43ba23b96b878f1c1f75edc2beec9f9

To revoke approvals, users need to visit the token approval page of each network’s blockchain explorer. Users on BNB Chain can use the BSC News guide, and the process is similar on other networks.

???If you recently used cBridge, please make sure to check and revoke any token approval for the following contracts:
Ethereum: 0x2A2aA50450811Ae589847D670cB913dF763318E8
BSC: 0x5895da888Cbf3656D8f51E5Df9FD26E8E131e7CF
(cont’ in next thread) https://t.co/HJbCxq4RqN

— CelerNetwork (@CelerNetwork) August 17, 2022

The use of cross-chain bridges like cBridge is quite popular perhaps because of its convenience. However, there have been concerns about their possible security vulnerabilities; Ethereum’s founder, Vitalik Buterin, famously called them out in a tweet earlier this year:

My argument for why the future will be *multi-chain*, but it will not be *cross-chain*: there are fundamental limits to the security of bridges that hop across multiple «zones of sovereignty». From https://t.co/3g1GUvuA3A: pic.twitter.com/tEYz8vb59b

— vitalik.eth (@VitalikButerin) January 7, 2022

Celer Network is currently investigating the full extent of the DNS exploit. BSC News will bring you the news as more details emerge.

Source