
Detect Web3 Frontend Attacks with dAppling DNS Monitor

There have been 5+ DNS attacks in the last few months. We built a tool to help protect users.

2 min read Russell

TL;DR: We built dappling.network/monitor to help prevent web3 DNS hijacking attacks. This tool alerts you to potential DNS hijacking. By monitoring over 3,000 Web3 domains (everything on DeFiLlama) for nameserver changes, it helps you be aware when domains are hijacked. Try the tool now and be part of a safer DeFi community.

The DNS Monitor Tool

Why is this needed?

In the last few months there have been several DNS hijacking attacks targeting web3 protocols. These included Frax, Balancer, Galxe, Velodrome, and Aerodrome, to name a few.

They all happened the exact same way. The DNS registrar they were using was social engineered, and the hacker was able to change the nameservers and take control over the domain.

These nameserver changes are exactly what the tool looks for, and it would have detected all 5 of those attacks.

How does it work?

We used DeFiLlama to build our original list of sites to monitor. We then use Cloudflare's DNS over HTTPS API to check the nameservers of each domain for changes every 5 minutes. If we detect a change, we send out a notification to everyone who subscribed to nameserver changes for that domain and update the monitoring table.
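The polling check described above, sketched in Python as an added example (not dAppling's own code). The domain `dapp.example`, the nameserver names and all function names are constructed for illustration. It compares normalized NS sets, so record order or letter case does not raise an alert, and a failed lookup is not treated as a change.

```python
import json
import urllib.parse
import urllib.request

DOH_URL = "https://cloudflare-dns.com/dns-query"  # Cloudflare DoH JSON endpoint
NS_TYPE = 2  # numeric DNS record type for NS

def fetch_ns(domain, timeout=10):
    """Live lookup; not called by the offline demo below."""
    url = DOH_URL + "?" + urllib.parse.urlencode({"name": domain, "type": "NS"})
    req = urllib.request.Request(url, headers={"accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def extract_nameservers(doh_json):
    """Normalized NS set, or None when the lookup failed or returned no NS data."""
    if doh_json.get("Status") != 0:  # non-zero RCODE, e.g. 2 = SERVFAIL
        return None
    names = {rr["data"].rstrip(".").lower()
             for rr in doh_json.get("Answer", []) if rr.get("type") == NS_TYPE}
    return frozenset(names) or None

def check_domain(domain, baseline, doh_json):
    """Return an alert dict if the NS set differs from the baseline, else None."""
    current = extract_nameservers(doh_json)
    if current is None:
        return None  # a resolver error is not evidence of a change
    known = baseline.get(domain)
    baseline[domain] = current  # first sighting, or update the monitoring table
    if known is None or known == current:
        return None
    return {"domain": domain, "added": sorted(current - known), "removed": sorted(known - current)}

def make_resp(status, *ns):  # helper: constructed DoH-style response for dapp.example
    return {"Status": status, "Answer": [
        {"name": "dapp.example", "type": NS_TYPE, "TTL": 300, "data": n} for n in ns]}

# Constructed sample responses (not real lookups), one per 5-minute poll
BEFORE = make_resp(0, "ns1.dns.example.", "ns2.dns.example.")
REORDERED = make_resp(0, "NS2.dns.example.", "ns1.dns.example.")
SERVFAIL = make_resp(2)
AFTER = make_resp(0, "ns1.other-host.example.", "ns2.other-host.example.")

def run_demo():
    baseline = {}
    polls = (BEFORE, REORDERED, SERVFAIL, AFTER)
    return [a for p in polls if (a := check_domain("dapp.example", baseline, p))]

if __name__ == "__main__":
    print(run_demo())
```

In a live poller, `fetch_ns(domain)` would supply the `doh_json` argument on each run, and the returned alert would feed the notification step.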

We also automatically add all dappling.network production domains to the monitor list, and they get extra features to help them protect their users against these types of attacks.

Next Steps

Video Demo

Video

Thank you

Thank you to the dAppling team for building the tool, to CerealSabre from eth.limo for helping me brainstorm this idea, and to Derrick from Lume for helping me understand DNS at a deeper level. Also a huge shout-out to the 3DNS team, who are helping reduce the DNS hijacking problem with their hybrid domains.

Originally published on by dAppling