NEO’s Decentralized Exchange Responds to US$150k Ethereum Heist
The internet’s first multichain decentralized exchange (DEX), Switcheo, has issued security guidelines to its users in the wake of the recent hijacking of MyEtherWallet (MEW) as a result of a Domain Name System (DNS) hack.
The heist, which saw over US$150,000 worth of Ethereum tokens siphoned from users’ wallets, occurred over two hours on the 24th of April. Only users whose computers were set to use Google’s public DNS servers, which is a default for many, were affected.
The Switcheo platform, built on the NEO blockchain for trading NEP-5 tokens, NEO and GAS, has responded by claiming that the attack on MEW would not have been successful if the developers had implemented HSTS policies, otherwise known as HTTP Strict Transport Security headers.
Such headers make HTTPS mandatory in the user’s browser and prevent users from bypassing warnings, such as the one displayed to users while MEW’s DNS listing was set to redirect to a malicious version of the ad-hoc wallet service.
Users who heeded these warnings would not have had their funds transferred to another wallet upon successful login.
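To make the HSTS behaviour described above concrete, here is an added example (not code from Switcheo or MEW) that models how a browser parses a Strict-Transport-Security header under RFC 6797 and decides whether a warning may be bypassed. The names parse_hsts and HstsStore, the clean_tls flag (HTTPS with no certificate error) and the host wallet.example are hypothetical.

```python
import re
import time

# RFC 6797 section 6.1 directive: name [ "=" ( token | quoted-string ) ]
# (names are restricted to letters, digits and hyphen in this simplified model)
_DIRECTIVE = re.compile(r'\s*([A-Za-z0-9-]+)\s*(?:=\s*("[^"]*"|[^\s;"]+))?\s*')

def parse_hsts(header):
    """Return (max_age, include_subdomains), or None if the header is invalid."""
    seen = {}
    for part in header.split(";"):
        if not part.strip():
            continue  # empty directives are permitted
        m = _DIRECTIVE.fullmatch(part)
        if not m or m.group(1).lower() in seen:
            return None  # malformed or repeated directive voids the header
        seen[m.group(1).lower()] = (m.group(2) or "").strip('"')
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required
    return int(age), "includesubdomains" in seen

class HstsStore:
    """Constructed model of a browser's Known HSTS Host list."""
    def __init__(self):
        self._hosts = {}  # host -> (expiry epoch, include_subdomains)

    def note_response(self, host, header, clean_tls, now=None):
        now = time.time() if now is None else now
        policy = parse_hsts(header)
        if policy is None or not clean_tls:
            return False  # ignored over HTTP or a connection with TLS errors
        if policy[0] == 0:
            self._hosts.pop(host.lower(), None)  # max-age=0 removes the host
        else:
            self._hosts[host.lower()] = (now + policy[0], policy[1])
        return True

    def is_known(self, host, now=None):
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True  # exact match, or a parent with includeSubDomains
        return False

    def may_click_through(self, host, now=None):
        """Certificate warnings are not bypassable for a Known HSTS Host."""
        return not self.is_known(host, now)
```

Because a policy is stored only from a clean HTTPS response, a browser that has never visited the site and has no preloaded entry for it still shows a bypassable warning; a long max-age and preload listing narrow that window.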
The Switcheo platform has confirmed it is already using the HSTS headers. The company further detailed its extensive series of measures to avoid the abuse of DNS infrastructure, which has become increasingly common.
They also revealed a recent contract signed with world-renowned security firm HackerOne, who are managing Switcheo’s vulnerability reward/bug bounty program. This results in the Switcheo exchange being continuously audited for weaknesses in security.