neurovagrant , 9 hours ago

@briankrebs ...did not expect that to be the mechanism. Wow.

In case folks are interested, we ( @DomainTools ) uploaded all DNS records observed for about a hundred sites listed by the cryptocurrency community as vulnerable, going back to 2024-07-01. Hopefully it helps some investigators and blue teamers.

(Inclusion does not necessarily indicate compromise.)

https://cti-grapevine.com/web3-related-domain-takeovers/

https://github.com/DomainTools/SecuritySnacks/tree/main/2024/DeFiDNS