Steakhouse postmortem reveals DNS hijack caused by registrar 2FA bypass

ambcryptoPubblicato 2026-04-10Pubblicato ultima volta 2026-04-10

Introduzione

Steakhouse's postmortem of a 30 March security incident reveals that attackers hijacked its domain through a social engineering attack on its registrar, OVHcloud. The attacker impersonated the account owner, convinced support to disable hardware-based two-factor authentication, and took full control of the account. This allowed them to redirect DNS to a phishing site with a wallet drainer for about four hours. No user funds were lost, as on-chain systems remained secure, and wallet protections quickly detected the fake site. The breach underscores the risk of off-chain infrastructure vulnerabilities and over-reliance on a single registrar. Steakhouse has since migrated registrars, enhanced DNS monitoring, and implemented stricter domain security controls.

A postmortem from Steakhouse has shed new light on a 30 March security incident. Attackers briefly hijacked its domain to serve a phishing site, exposing a critical weakness in off-chain infrastructure rather than on-chain systems.

The team confirmed that the attack stemmed from a successful social engineering attempt targeting its domain registrar, OVHcloud. This allowed the attacker to bypass two-factor authentication and take control of DNS records.

Social engineering led to full account takeover

According to the report, the attacker contacted the registrar’s support desk, impersonated the account owner, and convinced a support agent to remove hardware-based two-factor authentication.

Once access was granted, the attacker rapidly executed a series of automated actions. This included deleting existing security credentials, enrolling new authentication devices, and redirecting DNS records to infrastructure under their control.

This enabled the deployment of a cloned Steakhouse website embedded with a wallet drainer, which remained intermittently accessible for roughly four hours.

Phishing site active, but funds remained safe

Despite the severity of the breach, Steakhouse stated that no user funds were lost and no malicious transactions were confirmed.

The compromise was limited to the domain layer. On-chain vaults and smart contracts, which operate independently of the frontend, were not affected. The protocol emphasized that it holds no admin keys that could access user deposits.

Browser wallet protections from providers such as MetaMask and Phantom quickly flagged the phishing site, while the team issued a public warning within 30 minutes of detecting the incident.

Postmortem highlights vendor risk and single points of failure

The report points to a key failure in Steakhouse’s security assumptions: reliance on a single registrar whose support processes could override hardware-based protections.

The ability to disable two-factor authentication via a phone call, without robust out-of-band verification, effectively turned a credential leak into a full account takeover.

Steakhouse acknowledged that it had not adequately assessed this risk, describing the registrar as a “single point of failure” in its infrastructure.

Off-chain vulnerabilities remain a weak link

The incident underscores a broader issue in crypto security — that strong on-chain protections do not eliminate risks in surrounding infrastructure.

While smart contracts and vaults remained secure, control over DNS allowed the attacker to target users through phishing, a method increasingly common in the ecosystem.

The attack also involved tools consistent with “drainer-as-a-service” operations, highlighting how attackers continue to combine social engineering with ready-made exploit kits.

Security upgrades and next steps

Following the incident, Steakhouse has migrated to a more secure registrar. It implemented continuous DNS monitoring, rotated credentials, and launched a broader review of vendor security practices.

The team also introduced stricter controls for domain management, including hardware key enforcement and registrar-level locks.

Final Summary

Steakhouse’s postmortem reveals that a registrar-level 2FA bypass enabled a DNS hijack, exposing users to phishing despite secure on-chain systems.
The incident highlights how off-chain infrastructure and vendor security remain critical vulnerabilities in crypto ecosystems.

Domande pertinenti

QWhat was the root cause of the security incident at Steakhouse on March 30th?

AThe root cause was a successful social engineering attack targeting their domain registrar, OVHcloud, which allowed the attacker to bypass two-factor authentication and take control of the DNS records.

QHow did the attacker manage to bypass the two-factor authentication on the registrar account?

AThe attacker impersonated the account owner, contacted the registrar's support desk, and convinced a support agent to remove the hardware-based two-factor authentication protection.

QWere any user funds lost as a result of this DNS hijacking and phishing attack?

ANo, Steakhouse confirmed that no user funds were lost and no malicious transactions were confirmed. The on-chain vaults and smart contracts were not compromised.

QWhat key security failure did the postmortem report identify in Steakhouse's infrastructure?

AThe report identified the reliance on a single registrar, whose support processes could override hardware-based protections, as a critical 'single point of failure' that was not adequately assessed.

QWhat security measures did Steakhouse implement after the incident to prevent future attacks?

ASteakhouse migrated to a more secure registrar, implemented continuous DNS monitoring, rotated credentials, enforced stricter domain management controls (like hardware keys), and launched a broader review of vendor security practices.

Letture associate

South Korean Exchanges 'Battle' Regulators, Challenging the Boundaries of Enforcement and Legislation

South Korea's cryptocurrency industry is engaged in a rare, direct confrontation with regulators. The Financial Intelligence Unit (FIU), the primary anti-money laundering (AML) watchdog, has recently imposed heavy penalties on major exchanges like Upbit and Bithumb for alleged violations involving unregistered overseas VASPs and AML procedures. However, exchanges are now actively challenging these actions in court and through industry associations. In a significant shift, the Seoul Administrative Court ruled in favor of Upbit's operator, Dunamu, overturning part of an FIU-ordered business suspension. The court found the FIU's penalty criteria and justification insufficiently clear. Similarly, the court suspended the enforcement of a six-month business suspension against Bithumb pending a final ruling, citing potential irreversible harm to the exchange. Beyond legal battles, the industry is contesting proposed legislative amendments. The Digital Asset eXchange Alliance (DAXA) strongly opposes a draft rule that would mandate Suspicious Transaction Reports (STRs) for all crypto transfers over 10 million KRW (~$6,800). DAXA argues this "poison pill" clause violates legal principles and would overwhelm the STR system, increasing reports from 63,000 to an estimated 5.45 million annually for major exchanges, thereby crippling effective AML monitoring. This conflict highlights a structural tension in South Korea's crypto governance: comprehensive digital asset laws are still developing, while regulators rely heavily on AML enforcement. The industry's move from passive compliance to active legal and legislative challenges signifies a new phase, pressing for clearer rules and more proportionate enforcement. While short-term disputes may intensify, this clash could ultimately lead to a more mature and sustainable regulatory framework for South Korea's vibrant crypto market.

marsbit25 min fa

South Korean Exchanges 'Battle' Regulators, Challenging the Boundaries of Enforcement and Legislation

marsbit25 min fa

Earnings Report, CLARITY Bill, and Warsh's Arrival: CRCL Faces Three Major Tests This Week

Circle (CRCL) faces three major tests this week that will significantly impact its stock price and valuation. First, on May 11, it will release its Q1 2026 earnings. Key metrics to watch are overall revenue and EPS, the proportion of revenue paid to distributors like Coinbase, and growth in non-interest income. The market also awaits Circle's stance on renegotiating its revenue-sharing contract with Coinbase, which expires in August. Second, on May 14, the U.S. Senate Banking Committee will vote on the CLARITY Act. This bill aims to establish a clear federal regulatory framework for digital assets. A recent compromise proposal would ban yield on static stablecoin reserves but allow rewards for active ones. Its passage, currently seen as likely by prediction markets, would be a major positive for the industry and Circle. Finally, on May 15, Kevin Warsh will succeed Jerome Powell as Federal Reserve Chair. Warsh's proposed policy of quantitative tightening combined with interest rate cuts could pose a short-term headwind for CRCL, as lower rates reduce Circle's primary revenue from USDC reserves. However, long-term prospects may improve as Warsh, a known crypto investor who opposes a Fed CBDC, is seen as potentially favorable to regulated private stablecoins like USDC.

marsbit30 min fa

Earnings Report, CLARITY Bill, and Warsh's Arrival: CRCL Faces Three Major Tests This Week

marsbit30 min fa

After 50x Storage Surge, Justin Sun Always Looks to the Next Decade

Sun Yuchen, known for his controversial stunts like a $30 million lunch with Warren Buffett (canceled due to a kidney stone) and eating a $6.2 million duct-taped banana, is often overshadowed by a significant fact: his decade-long track record of spotting major investment trends. In 2016, he famously advised young people to invest in Bitcoin, Nvidia, Tesla, and Tencent instead of buying property. A hypothetical $20,000 investment in Nvidia and Tesla from that list would now be worth over 50 million RMB. His latest major call was on November 6, 2025, predicting a "50x storage opportunity" tied to the AI boom, which materialized with Sandisk's stock surging nearly 50-fold by 2026. Looking ahead, Sun now focuses on the next frontier: Physical AI. He identifies four key areas: 1. **Embodied AI/Robotics**: He sees this reaching its "iPhone moment," with companies like UBTech and Galaxy General leading in commercialization. 2. **Drones**: Viewed as the first commercially viable form of Physical AI, revolutionizing sectors from warfare (e.g., AeroVironment's Switchblade) to logistics. 3. **Spatial Computing**: Beyond VR, it's about AI understanding physical space, a foundational technology for robotics and autonomous systems, exemplified by Apple's Vision Pro. 4. **Space Exploration**: After a 2025 suborbital flight with Blue Origin, Sun advocates for space as the ultimate frontier, discussing blockchain's potential role in space asset management and data transactions. His investment philosophy involves betting on entire, inevitable trends rather than single companies. For robotics, he sees Tesla (the body/manufacturer) and Nvidia (the brain/AI platform) as complementary plays. In defense drones, he highlights companies making tanks obsolete (AeroVironment) and those augmenting fighter jets (Kratos). For space, he participated in Blue Origin's flight and anticipates SpaceX's potential IPO to redefine the sector's valuation. Sun Yuchen's vision frames the next two decades not as a revolution in information flow (like the internet), but in the fundamental operation of the physical world through AI-powered robots, autonomous systems, and spatial intelligence, ultimately extending human and AI activity into space. While many still focus on conventional assets, he continues to look toward the next technological horizon.

marsbit1 h fa

After 50x Storage Surge, Justin Sun Always Looks to the Next Decade

marsbit1 h fa

The Billionaires Behind the Most Expensive Midterm Election in History

"The Most Expensive Midterm Elections and Their Billionaire Backers" This analysis details the unprecedented scale of spending in the 2026 midterm elections, highlighting the key billionaire donors shaping the political landscape. Jeff Yass, founder of Susquehanna International Group, has contributed over $81 million, ranking third among individual donors behind George Soros ($102.6M) and Elon Musk ($84.8M). Yass is a major donor to Trump's MAGA Inc. and supports school choice and various candidates. Overall, federal committees have raised over $4.7 billion this cycle, with political ad spending projected to reach $10.8 billion. Republican-aligned groups are significantly out-raising their Democratic counterparts. "Dark money" from undisclosed sources continues to grow. The core stakes involve control of Congress and policy direction for Trump's final term. Donors are also motivated by specific issues: Sergey Brin and Chris Larsen are funding opposition to a proposed California wealth tax and supporting crypto-friendly policies. Other top donors include OpenAI's Greg Brockman and his wife Anna ($50M total to MAGA Inc. and an AI-focused PAC), Richard Uihlein ($45.3M to conservative causes), venture capitalists Marc Andreessen and Ben Horowitz (each over $44M to crypto/AI PACs and MAGA Inc.), Miriam Adelson ($42.6M to GOP leadership PACs), Paul Singer ($33.9M), and Diane Hendricks ($25.8M to MAGA Inc.). The article notes that the peak fundraising period is still ahead, with major primaries approaching.

marsbit1 h fa

The Billionaires Behind the Most Expensive Midterm Election in History

marsbit1 h fa

The Largest IPO in History Is Approaching, Surpassing SpaceX, 28 Years of AI Self-Iteration, Countdown to Intelligence Explosion

"Anthropic Nears Trillion-Dollar IPO, Fueled by Explosive Growth and 2028 'Intelligence Explosion' Warning Anthropic is considering a deal valuing the AI company near $1 trillion, potentially leading to one of the largest IPOs ever and surpassing SpaceX. Its revenue has skyrocketed, with Annual Recurring Revenue (ARR) reaching $45 billion in May 2026—a 500% increase in just five months. This vertical growth curve is attributed to its key products, Claude Code and Cowork, dominating AI coding and enterprise collaboration. Beyond commercial success, co-founder Jack Clark issued a pivotal warning in an interview: there is a greater than 50% chance that by the end of 2028, AI systems will achieve recursive self-improvement—the ability to autonomously build a 'better version' of themselves, initiating an 'intelligence explosion.' This prophecy underpins the company's astronomical valuation, as the market prices in the potential for transformative and disruptive AI. Further signaling its ambition, Anthropic formed a $1.5 billion joint venture with Goldman Sachs and Blackstone, aiming to disrupt traditional consulting firms like McKinsey by deploying Claude AI for complex strategic work. This move tests AI's capacity to replace high-level cognitive labor, a precursor to its predicted autonomous evolution. The narrative presents a dual future: unprecedented economic opportunity alongside significant risks like economic restructuring and security threats. Anthropic's meteoric rise and Clark's 2028 prediction frame the coming years as a countdown to a potential technological singularity."

marsbit1 h fa

The Largest IPO in History Is Approaching, Surpassing SpaceX, 28 Years of AI Self-Iteration, Countdown to Intelligence Explosion

marsbit1 h fa

Trading

Spot

Futures