Steakhouse postmortem reveals DNS hijack caused by registrar 2FA bypass

ambcrypto | Published 2026-04-10 | Updated 2026-04-10

Summary

Steakhouse's postmortem of a 30 March security incident reveals that attackers hijacked its domain through a social engineering attack on its registrar, OVHcloud. The attacker impersonated the account owner, convinced support to disable hardware-based two-factor authentication, and took full control of the account. This allowed them to redirect DNS to a phishing site with a wallet drainer for about four hours. No user funds were lost, as on-chain systems remained secure, and wallet protections quickly detected the fake site. The breach underscores the risk of off-chain infrastructure vulnerabilities and over-reliance on a single registrar. Steakhouse has since migrated registrars, enhanced DNS monitoring, and implemented stricter domain security controls.

A postmortem from Steakhouse has shed new light on a 30 March security incident. Attackers briefly hijacked its domain to serve a phishing site, exposing a critical weakness in off-chain infrastructure rather than on-chain systems.

The team confirmed that the attack stemmed from a successful social engineering attempt targeting its domain registrar, OVHcloud. This allowed the attacker to bypass two-factor authentication and take control of DNS records.

Social engineering led to full account takeover

According to the report, the attacker contacted the registrar’s support desk, impersonated the account owner, and convinced a support agent to remove hardware-based two-factor authentication.

Once access was granted, the attacker rapidly executed a series of automated actions. This included deleting existing security credentials, enrolling new authentication devices, and redirecting DNS records to infrastructure under their control.

This enabled the deployment of a cloned Steakhouse website embedded with a wallet drainer, which remained intermittently accessible for roughly four hours.

Phishing site active, but funds remained safe

Despite the severity of the breach, Steakhouse stated that no user funds were lost and no malicious transactions were confirmed.

The compromise was limited to the domain layer. On-chain vaults and smart contracts, which operate independently of the frontend, were not affected. The protocol emphasized that it holds no admin keys that could access user deposits.

Browser wallet protections from providers such as MetaMask and Phantom quickly flagged the phishing site, while the team issued a public warning within 30 minutes of detecting the incident.

Postmortem highlights vendor risk and single points of failure

The report points to a key failure in Steakhouse’s security assumptions: reliance on a single registrar whose support processes could override hardware-based protections.

The ability to disable two-factor authentication via a phone call, without robust out-of-band verification, effectively turned a credential leak into a full account takeover.

Steakhouse acknowledged that it had not adequately assessed this risk, describing the registrar as a “single point of failure” in its infrastructure.

Off-chain vulnerabilities remain a weak link

The incident underscores a broader issue in crypto security — that strong on-chain protections do not eliminate risks in surrounding infrastructure.

While smart contracts and vaults remained secure, control over DNS allowed the attacker to target users through phishing, a method increasingly common in the ecosystem.

The attack also involved tools consistent with “drainer-as-a-service” operations, highlighting how attackers continue to combine social engineering with ready-made exploit kits.

Security upgrades and next steps

Following the incident, Steakhouse has migrated to a more secure registrar. It implemented continuous DNS monitoring, rotated credentials, and launched a broader review of vendor security practices.

The team also introduced stricter controls for domain management, including hardware key enforcement and registrar-level locks.
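A minimal version of the continuous DNS monitoring and registrar-lock checking described above, added here as an example (it is not Steakhouse's or OVHcloud's tooling). It compares the live NS and A answers and the domain's EPP status codes against a recorded baseline and reports any drift, which is exactly the signal a registrar account takeover produces. The resolver and registrar lookups are injected callbacks, and the domain, nameservers and addresses are constructed placeholders; in production they would come from a DNS library and an RDAP query.

```python
from dataclasses import dataclass

# EPP status codes a registrar applies to block unauthorised transfer, update or
# deletion at the registry; the monitor alerts when any of them disappear.
REQUIRED_LOCKS = frozenset({"clientTransferProhibited", "clientUpdateProhibited",
                            "clientDeleteProhibited"})


@dataclass
class Baseline:
    domain: str
    ns: frozenset      # nameservers expected to be delegated for the domain
    a: frozenset       # IPv4 addresses expected for the frontend host
    locks: frozenset = REQUIRED_LOCKS


def check_domain(baseline, resolve, registrar_status):
    """Compare live state with the baseline; return a list of findings ([] = no drift).
    resolve(name, rtype) returns a set of record strings (a DNS library in production);
    registrar_status(domain) returns the domain's EPP status strings (an RDAP query)."""
    findings = []
    for rtype, expected in (("NS", baseline.ns), ("A", baseline.a)):
        observed = set(resolve(baseline.domain, rtype))
        if observed != set(expected):
            findings.append(f"{rtype} drift: expected {sorted(expected)}, got {sorted(observed)}")
    missing = set(baseline.locks) - set(registrar_status(baseline.domain))
    if missing:
        findings.append(f"registrar locks missing: {sorted(missing)}")
    return findings


# Constructed sample data: placeholder names and RFC 5737 documentation addresses.
BASELINE = Baseline(domain="protocol.example",
                    ns=frozenset({"dns1.registrar.example", "dns2.registrar.example"}),
                    a=frozenset({"192.0.2.10"}))
HEALTHY_DNS = {"NS": BASELINE.ns, "A": BASELINE.a}
# After an account takeover the delegation and A record point at attacker-controlled
# hosts and the registrar reports only the unrestricted "ok" status.
HIJACKED_DNS = {"NS": {"ns1.rogue.example"}, "A": {"198.51.100.7"}}


def healthy_findings():
    """Baseline state: every record matches and all locks are present."""
    return check_domain(BASELINE, lambda n, t: HEALTHY_DNS[t], lambda d: set(REQUIRED_LOCKS))


def hijacked_findings():
    """Post-takeover state: expect NS drift, A drift and three missing locks."""
    return check_domain(BASELINE, lambda n, t: HIJACKED_DNS[t], lambda d: {"ok"})
```

Run on a schedule and page on any non-empty result; the lock check catches the registrar-side change even before the attacker repoints DNS.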


Final Summary

  • Steakhouse’s postmortem reveals that a registrar-level 2FA bypass enabled a DNS hijack, exposing users to phishing despite secure on-chain systems.
  • The incident highlights how off-chain infrastructure and vendor security remain critical vulnerabilities in crypto ecosystems.

Related questions

Q: What was the root cause of the security incident at Steakhouse on March 30th?

A: The root cause was a successful social engineering attack targeting their domain registrar, OVHcloud, which allowed the attacker to bypass two-factor authentication and take control of the DNS records.

Q: How did the attacker manage to bypass the two-factor authentication on the registrar account?

A: The attacker impersonated the account owner, contacted the registrar's support desk, and convinced a support agent to remove the hardware-based two-factor authentication protection.

Q: Were any user funds lost as a result of this DNS hijacking and phishing attack?

A: No, Steakhouse confirmed that no user funds were lost and no malicious transactions were confirmed. The on-chain vaults and smart contracts were not compromised.

Q: What key security failure did the postmortem report identify in Steakhouse's infrastructure?

A: The report identified the reliance on a single registrar, whose support processes could override hardware-based protections, as a critical 'single point of failure' that was not adequately assessed.

Q: What security measures did Steakhouse implement after the incident to prevent future attacks?

A: Steakhouse migrated to a more secure registrar, implemented continuous DNS monitoring, rotated credentials, enforced stricter domain management controls (like hardware keys), and launched a broader review of vendor security practices.

