Topic: 🚨🚨 Galxe Hacked Warning (Read 293 times)
Today Galxe has fully compensated the losses incurred by the participants and plus 10% as compensation - https://polygonscan.com/tx/0xdc770a33298d1d28e7150a38cd78f6f359ee27987d2ce54af5c6fa24b019014f The payment was made in USDT on the Polygon network. In total, the total amount paid by Galxe company was $466296.74.
This is actually good but I wonder why they are giving some more amount despite they are also victims of this event and they are really confident of giving such a big amount to each user that are victim of this hacking as if they already have the allocations of what's gonna happen. This sounds like a conspiracy theory but the way you look at it really makes it weird because that doesn't really make sense Returning what their users have lost is already enough but giving them an extra amount seems suspicious to me.
Yes, Galxe turned out to be pioneers in this, since I do not recall such a case when, in addition to the lost money, additional funds were returned, which can be regarded as compensation for moral damage. For those who have lost their funds, this compensation is an easy way to get 10% to the deposit in 1 week, which is a good profit for the investor.
Galaxy introduced fund recovery plan for the affected users. If you are affected from this, you will refund 110% from the stolen funds. That means you will get additional 10% compensation. Also they will directly send USDT(Polygon network) to the wallets.
Eg : If your wallet had 1000$, you will receive 1100$.
Eg : If your wallet had 1000$, you will receive 1100$.
This is actually good but I wonder why they are giving some more amount despite they are also victims of this event and they are really confident of giving such a big amount to each user that are victim of this hacking as if they already have the allocations of what's gonna happen. This sounds like a conspiracy theory but the way you look at it really makes it weird because that doesn't really make sense Returning what their users have lost is already enough but giving them an extra amount seems suspicious to me.
~Snipped
It was a Frontend hack that originated with some impersonation and involved some redirection of the website to a phished version and users that interacted with that phished version were the ones that got compromised.
Wow! So, that's another level of phishing attack. Not attacking the platform directly, but rerouted the users to a phishing version of the hackers website instead of being directed to the correct website using the exact correct domain. Nobody was really safe that date for the users who made an attempt to log in to their website even if it's bookmarked.
I wonder why that impersonation slipped past their security verifications, I wonder how these falsified documentations we're being made without going through from the inside of Galxe's security.
Yes, this is a known attack vector. As a matter of fact, it happened last month to Balancer where their Frontend was hacked and users directed to a phished version. As long as the attackers can get access to the DNS, they can be able to redirect users to whatever URL they want and most users will blindly trust that they're on the right website without verifying twice.
It's similar to how users fall for phishing that has to do with a hack project's member's account (discord or X) then users just rush to mint NFTs or connect wallets. Happens almost every day in crypto.
Very disheartening to see and hear these incidence of hacking which is becoming too rampant lately.
I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
Hackers are getting wise everyday, and there's no safe project for them especially the small one and the new one.I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
I think I also connect my wallet there once for the airdrop but its ok since that wallet is not active anymore. If you have this better to check it and do the necessary action to be more safe.
Always remember that hackers are very active and they are not sleeping, keep your wallet secured and keep it monitored.
Yeah. Personally, as a precaution I don't use my main wallets for airdrops. For airdrops I have separate wallets for that as I don't trust some of these sites I connect my wallets to.
Hackers are getting smarter by the day and will do anything to catch anyone off guard.
Galaxy introduced fund recovery plan for the affected users. If you are affected from this, you will refund 110% from the stolen funds. That means you will get additional 10% compensation. Also they will directly send USDT(Polygon network) to the wallets.
Eg : If your wallet had 1000$, you will receive 1100$.
Eg : If your wallet had 1000$, you will receive 1100$.
This is actually good but I wonder why they are giving some more amount despite they are also victims of this event and they are really confident of giving such a big amount to each user that are victim of this hacking as if they already have the allocations of what's gonna happen. This sounds like a conspiracy theory but the way you look at it really makes it weird because that doesn't really make sense Returning what their users have lost is already enough but giving them an extra amount seems suspicious to me.
So paying a little extra to those that went through such a difficult experience seems fair to me, now most likely the reason they can do this is that compared to other hacks we have seen over the years this is a relatively small hack, but I still think this is the right move.
Luckily I haven't interacted with this using all of my wallet. This is well used platform for those who are airdrop hunters, I wonder if the hack affected those who connected their wallet in the platform
~Snipped
~Snipped
It was a Frontend hack that originated with some impersonation and involved some redirection of the website to a phished version and users that interacted with that phished version were the ones that got compromised.
Wow! So, that's another level of phishing attack. Not attacking the platform directly, but rerouted the users to a phishing version of the hackers website instead of being directed to the correct website using the exact correct domain. Nobody was really safe that date for the users who made an attempt to log in to their website even if it's bookmarked.
I wonder why that impersonation slipped past their security verifications, I wonder how these falsified documentations we're being made without going through from the inside of Galxe's security.
Very disheartening to see and hear these incidence of hacking which is becoming too rampant lately.
I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
Hackers are getting wise everyday, and there's no safe project for them especially the small one and the new one.I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
I think I also connect my wallet there once for the airdrop but its ok since that wallet is not active anymore. If you have this better to check it and do the necessary action to be more safe.
Always remember that hackers are very active and they are not sleeping, keep your wallet secured and keep it monitored.
Galaxy introduced fund recovery plan for the affected users. If you are affected from this, you will refund 110% from the stolen funds. That means you will get additional 10% compensation. Also they will directly send USDT(Polygon network) to the wallets.
Eg : If your wallet had 1000$, you will receive 1100$.
Eg : If your wallet had 1000$, you will receive 1100$.
This is actually good but I wonder why they are giving some more amount despite they are also victims of this event and they are really confident of giving such a big amount to each user that are victim of this hacking as if they already have the allocations of what's gonna happen. This sounds like a conspiracy theory but the way you look at it really makes it weird because that doesn't really make sense Returning what their users have lost is already enough but giving them an extra amount seems suspicious to me.
Surprisingly, so much time has passed, official statements and precautions from Galxe have already been released, but funds are still flowing into the hacker's wallet to this day. People who do not follow the industry are always in a special risk zone, sometimes you should read the news and use Revoke, or similar services.
The reason for the flow of funds into the hacker's wallet may be that the victims who linked their wallets did not use the "Revoke" feature to unlink the wallet to the malicious contract from the transaction they signed on the phishing site to which they and affected Galxe customers were directed. Consequently, they deposited more funds without being aware of the hacking incident that occurred, believing that their wallets and assets were still secure. Therefore, they proceeded to deposit additional assets, and scammers were able to steal them as well.You pointed out an important thing that may save a lot of similar scam/hacking incidents in the future, which is following the industry and popular news and following up and activating notifications for the project social accounts that the person is involved with because they may publish something important, as happened to Galxe.
Despite this, the developers seem to have promised to reimburse all the lost funds. As far as I remember, they recently announced that they have completely fixed all the problems and while they were doing that, the hacker managed to steal about $200,000, which is not that much by the standards of other hacks. If you look at the various Defi or stock exchange hacks, the amount of losses there is much higher and the developers are not able to cover all the losses of users.
Galaxy introduced fund recovery plan for the affected users. If you are affected from this, you will refund 110% from the stolen funds. That means you will get additional 10% compensation. Also they will directly send USDT(Polygon network) to the wallets.
Eg : If your wallet had 1000$, you will receive 1100$.
Eg : If your wallet had 1000$, you will receive 1100$.
Yes, the Galxe team has made an unprecedented decision to preserve its reputation. I'll add some specifics) For those who have lost their money, need to read the official announcement from Galxe - https://help.galxe.com/en/articles/8461267-october-6th-security-incident-fund-recovery-plan There you will also find a Google table that contains a list of affected wallets.
Quote
Galxe has been hacked and scammer hacked big money and still website is nit recovered. If you have connected your wallet, instantly disconnect wallet and removed all approvals.
Galaxy introduced fund recovery plan for the affected users. If you are affected from this, you will refund 110% from the stolen funds. That means you will get additional 10% compensation. Also they will directly send USDT(Polygon network) to the wallets.Eg : If your wallet had 1000$, you will receive 1100$.
Well, not long ago, the Balancer domain did get attacked. Now here we are again, with another domain attack. The incident reports that the attacker successfully falsified a document concerning the domain registrar account. This shows that cryptocurrency platform hacks, besides the technical risk vector, should also calculate the risk from third parties to which they utilize their services.
It is also worth noting the Galxe team's Operational security, since how could the account owner-related documentation be perfectly falsified? Does Dynadot have weak security verification or is its near-perfect attack being executed? All in all, this suggests that cryptocurrency platforms a lucrative targets for bad actors, and that concludes any platform should take all aspects of security seriously and rigorously.
It is also worth noting the Galxe team's Operational security, since how could the account owner-related documentation be perfectly falsified? Does Dynadot have weak security verification or is its near-perfect attack being executed? All in all, this suggests that cryptocurrency platforms a lucrative targets for bad actors, and that concludes any platform should take all aspects of security seriously and rigorously.
I once connected to Galxe to claim some free NFTs and when I heard the news that Galxe had been hacked, I immediately revoked the connected address.
It's quite dangerous if you don't revoke it because it will affect my assets.
It is getting easier to hack on several platforms that are widely used by users. A good suggestion is not to use the main wallet to carry out other NFT or airdrop claiming activities that require connecting a wallet, because it will be very vulnerable if this kind of hack occurs.
It's quite dangerous if you don't revoke it because it will affect my assets.
It is getting easier to hack on several platforms that are widely used by users. A good suggestion is not to use the main wallet to carry out other NFT or airdrop claiming activities that require connecting a wallet, because it will be very vulnerable if this kind of hack occurs.
Very disheartening to see and hear these incidence of hacking which is becoming too rampant lately.
I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
As much as we wanted to avoid but they didnt take security wisely. Galxe should knew how big their users was and one thing or the other the hackers will try to attack them and they muat have secure their platform cause a lot of people are into airdrops and keep increasing. Well do hope they could remedy the stolen funds and reimburse those who got affected by the hacked.I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
Not necessarily so that they didn't take their security serious. Just know that these hackers are always working tirelessly looking for loopholes. But I am sure they will be stepping up their security architecture to prevent future hacks.
Surprisingly, so much time has passed, official statements and precautions from Galxe have already been released, but funds are still flowing into the hacker's wallet to this day. People who do not follow the industry are always in a special risk zone, sometimes you should read the news and use Revoke, or similar services.
The reason for the flow of funds into the hacker's wallet may be that the victims who linked their wallets did not use the "Revoke" feature to unlink the wallet to the malicious contract from the transaction they signed on the phishing site to which they and affected Galxe customers were directed. Consequently, they deposited more funds without being aware of the hacking incident that occurred, believing that their wallets and assets were still secure. Therefore, they proceeded to deposit additional assets, and scammers were able to steal them as well.Two reason, hacker still able to access many accounts. One which you already mentioned that many wallets is still compromised where they gives permission to the hacker contract and still not revoked.
The second one which mentioned by Galxe in their tweet. Galxe has updated their website while many user still seeing the phising site(old) due to DNS propagation and there are some people who are still connecting accounts
Source tweet
I have followed all social links of platforms i used daily and Gakxe,Taskon,Layer3 are some which I used frequently. If anyone has followed, I hope he would be safe as the news of hacking was disclosed at the twitter. I disconnected my wallet in no time. I believe that more than 10% people still don't know about this incident because they are just airdrop hunters and have no interest in learning.
Surprisingly, so much time has passed, official statements and precautions from Galxe have already been released, but funds are still flowing into the hacker's wallet to this day. People who do not follow the industry are always in a special risk zone, sometimes you should read the news and use Revoke, or similar services.
The reason for the flow of funds into the hacker's wallet may be that the victims who linked their wallets did not use the "Revoke" feature to unlink the wallet to the malicious contract from the transaction they signed on the phishing site to which they and affected Galxe customers were directed. Consequently, they deposited more funds without being aware of the hacking incident that occurred, believing that their wallets and assets were still secure. Therefore, they proceeded to deposit additional assets, and scammers were able to steal them as well.You pointed out an important thing that may save a lot of similar scam/hacking incidents in the future, which is following the industry and popular news and following up and activating notifications for the project social accounts that the person is involved with because they may publish something important, as happened to Galxe.
For those who don't know about this platform "Galxe is web3 based platform which offer projects to connect with audience. As far I know this is biggest platform which has partnerships with almost all big projects including Optimism, Arbitrum, Layerzero and many others. People use it to claim airdrop/NFT/Oat/Whitelist.
Yes last year I used to claim free NFT here from one project, I stopped doing this claim because I cannot keep up with thousands of those who wants to claim I always ended getting nothing I disconnect my wallet here to stop the notification of a new NFT to claim, this platform is huge, there thousands of connected wallet here.
This is the risk of connecting your wallet in a platform be sure to use new wallet if you're going to connect it to a contract based platform, you never know what's going to to happen, hackers are very active in targeting big platform like Galxe.
Surprisingly, so much time has passed, official statements and precautions from Galxe have already been released, but funds are still flowing into the hacker's wallet to this day. People who do not follow the industry are always in a special risk zone, sometimes you should read the news and use Revoke, or similar services.
Very disheartening to see and hear these incidence of hacking which is becoming too rampant lately.
I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
As much as we wanted to avoid but they didnt take security wisely. Galxe should knew how big their users was and one thing or the other the hackers will try to attack them and they muat have secure their platform cause a lot of people are into airdrops and keep increasing. Well do hope they could remedy the stolen funds and reimburse those who got affected by the hacked. I am sure a lot of person doing airdrops must have connected their wallets to this website. And if so, they should revoke asap to keep themselves safe.
Jump to: