Steakhouse postmortem reveals DNS hijack caused by registrar 2FA bypass

ambcryptoPublished on 2026-04-10Last updated on 2026-04-10

Abstract

Steakhouse's postmortem of a 30 March security incident reveals that attackers hijacked its domain through a social engineering attack on its registrar, OVHcloud. The attacker impersonated the account owner, convinced support to disable hardware-based two-factor authentication, and took full control of the account. This allowed them to redirect DNS to a phishing site with a wallet drainer for about four hours. No user funds were lost, as on-chain systems remained secure, and wallet protections quickly detected the fake site. The breach underscores the risk of off-chain infrastructure vulnerabilities and over-reliance on a single registrar. Steakhouse has since migrated registrars, enhanced DNS monitoring, and implemented stricter domain security controls.

A postmortem from Steakhouse has shed new light on a 30 March security incident. Attackers briefly hijacked its domain to serve a phishing site, exposing a critical weakness in off-chain infrastructure rather than on-chain systems.

The team confirmed that the attack stemmed from a successful social engineering attempt targeting its domain registrar, OVHcloud. This allowed the attacker to bypass two-factor authentication and take control of DNS records.

Social engineering led to full account takeover

According to the report, the attacker contacted the registrar’s support desk, impersonated the account owner, and convinced a support agent to remove hardware-based two-factor authentication.

Once access was granted, the attacker rapidly executed a series of automated actions. This included deleting existing security credentials, enrolling new authentication devices, and redirecting DNS records to infrastructure under their control.

This enabled the deployment of a cloned Steakhouse website embedded with a wallet drainer, which remained intermittently accessible for roughly four hours.

Phishing site active, but funds remained safe

Despite the severity of the breach, Steakhouse stated that no user funds were lost and no malicious transactions were confirmed.

The compromise was limited to the domain layer. On-chain vaults and smart contracts, which operate independently of the frontend, were not affected. The protocol emphasized that it holds no admin keys that could access user deposits.

Browser wallet protections from providers such as MetaMask and Phantom quickly flagged the phishing site, while the team issued a public warning within 30 minutes of detecting the incident.

Postmortem highlights vendor risk and single points of failure

The report points to a key failure in Steakhouse’s security assumptions: reliance on a single registrar whose support processes could override hardware-based protections.

The ability to disable two-factor authentication via a phone call, without robust out-of-band verification, effectively turned a credential leak into a full account takeover.

Steakhouse acknowledged that it had not adequately assessed this risk, describing the registrar as a “single point of failure” in its infrastructure.

Off-chain vulnerabilities remain a weak link

The incident underscores a broader issue in crypto security — that strong on-chain protections do not eliminate risks in surrounding infrastructure.

While smart contracts and vaults remained secure, control over DNS allowed the attacker to target users through phishing, a method increasingly common in the ecosystem.

The attack also involved tools consistent with “drainer-as-a-service” operations, highlighting how attackers continue to combine social engineering with ready-made exploit kits.

Security upgrades and next steps

Following the incident, Steakhouse has migrated to a more secure registrar. It implemented continuous DNS monitoring, rotated credentials, and launched a broader review of vendor security practices.

The team also introduced stricter controls for domain management, including hardware key enforcement and registrar-level locks.

Final Summary

Steakhouse’s postmortem reveals that a registrar-level 2FA bypass enabled a DNS hijack, exposing users to phishing despite secure on-chain systems.
The incident highlights how off-chain infrastructure and vendor security remain critical vulnerabilities in crypto ecosystems.

Bitcoin To $400,000? Analyst Uses Gold Overlay To Make Bold 2026 Case

A social media analyst, Vivek Sen, has suggested Bitcoin could reach $400,000 in 2026 based on a chart overlay comparing its price structure to gold's historical breakout pattern. The claim, made via an X post, argues that if Bitcoin continues to mirror gold's past trajectory, a significant price surge is possible. However, the article notes this is a visual comparison and not a formal forecast or valuation model. The analysis highlights that Bitcoin and gold have different market characteristics, including size, liquidity, volatility, and investor bases. Bitcoin's price is also more influenced by factors like ETF flows, derivatives, and crypto-native leverage. For the $400,000 scenario to materialize, the article suggests sustained institutional inflows, supportive macro conditions, and a strong ongoing uptrend would be necessary. Ultimately, the report frames the $400,000 target as a speculative, bullish scenario rather than a base-case prediction. It concludes that while the gold overlay provides an interesting framework, its relevance depends on real-world market confirmation through price action and demand signals.

bitcoinist51m ago

Bitcoin To $400,000? Analyst Uses Gold Overlay To Make Bold 2026 Case

bitcoinist51m ago

Bitcoin Halving Clock Points To Bottoming Phase, But Cycle Signal Needs Caution

Crypto analyst Crypto Rover claims Bitcoin is currently in a post-halving "bottoming phase," based on a historical cycle chart suggesting repeatable market rhythms. However, the analysis is flagged as speculative trader commentary, not a confirmed signal. The article cautions that halving-cycle models are less reliable in today's more mature, institutional market influenced by ETFs, derivatives, and macro factors. While such narratives can shape trader sentiment, actual confirmation of a bottom requires support from price action, liquidity, on-chain data, and broader risk appetite. The key takeaway is to view the cycle argument as an interesting framework, not a trade signal, until Bitcoin demonstrates it can hold key support levels and build a stronger price structure.

bitcoinist2h ago

Bitcoin Halving Clock Points To Bottoming Phase, But Cycle Signal Needs Caution

bitcoinist2h ago

Bitcoin Trader Says Cycle Tops And Bottoms Match Exact Day Counts

A Bitcoin trader claims to have discovered a remarkably precise timing pattern in Bitcoin's market cycles, suggesting they repeat to the exact day. According to the trader, bull-market runs from cycle low to high in the 2014-2017, 2018-2021, and 2022-2025 periods each lasted precisely 1,064 days. Similarly, bear-market declines from peak to trough in 2017-2018 and 2021-2022 allegedly lasted exactly 364 days. Such a pattern would offer traders a simple, calendar-based framework for anticipating market turns. However, the article highlights significant risks with such exact-cycle claims, noting they can depend heavily on cherry-picking specific price peaks and troughs to fit the narrative. Factors like Bitcoin halvings, macro conditions, and investor psychology influence markets but don't guarantee perfect day-count windows. Despite the skepticism warranted towards precise date predictions, cycle theories remain powerful narratives in crypto. They provide traders with a story to frame market uncertainty and timing decisions, especially during periods of consolidation. The takeaway is that while these patterns are interesting as social-market commentary, they should not be relied upon alone for making concrete price predictions.

bitcoinist5h ago

Bitcoin Trader Says Cycle Tops And Bottoms Match Exact Day Counts

bitcoinist5h ago

$9.4 Billion: The Largest Robotics Funding This Year Has Emerged

Munich-based humanoid robotics company Neura has completed a $1.4 billion (approximately RMB 94.9 billion) Series C funding round, valuing the company at around $7 billion and positioning it among the global leaders in the sector. The investment round is notable not just for its size—reportedly the largest in robotics this year—but also for its strategic backers, which include tech giants like NVIDIA and Amazon, alongside established industrial players such as German engineering firms Bosch and Schaeffler. This mix of investors signals a significant shift in the industry's focus from technological demonstrations and general-purpose narratives toward practical, industrial deployment and commercialization. Neura's approach centers on developing humanoid robots for defined, high-value industrial tasks rather than pursuing a general-purpose model. Its early validation comes from a partnership with BMW, where its robots are being tested on actual production lines. The involvement of Bosch and Schaeffler, companies deeply embedded in global manufacturing, underscores a growing belief that humanoid robots are transitioning from labs to viable factory-floor solutions. The article highlights two converging trends driving investment: advancements in AI and large language models, which enhance robots' perception and decision-making in unstructured environments, and mounting pressure from labor shortages and rising costs in major manufacturing regions. The funding landscape is now bifurcating between companies like Figure AI, focusing on versatile general-purpose robots, and firms like Neura, targeting specific vertical industrial applications with clearer, shorter paths to ROI. While technical hurdles remain, the core challenges for widespread adoption are increasingly seen as engineering and commercial in nature: managing the high integration and customization costs for different factory environments and establishing robust, localized maintenance and service networks. The record investment in Neura, particularly from industrial capital, indicates the industry's growing confidence in moving from proving feasibility to solving the practical problems of scalability, reliability, and building sustainable business models around humanoid robots in real-world settings like automotive manufacturing and hazardous labor environments.

marsbit10h ago

$9.4 Billion: The Largest Robotics Funding This Year Has Emerged

marsbit10h ago

Coinbase And Ethena Launch High Yield USDC Vault Powered By Morpho

Coinbase has launched a new High Yield USDC Vault in collaboration with Ethena Labs and powered by Morpho, curated by Steakhouse Financial. This marks the first live product from the Coinbase-Ethena partnership, offering Coinbase users access to enhanced yields through a simplified interface. Unlike Coinbase's more conservative vaults, this product accepts a broader collateral mix, including synthetic assets like Ethena's USDe, which allows for higher potential returns but introduces greater risks related to collateral behavior and market dynamics. The annual percentage yields (APYs) are dynamic and not guaranteed. The launch underscores a trend of centralized exchanges packaging complex DeFi strategies into user-friendly products, expanding access while highlighting the need for clear risk disclosure. The vault is currently available to eligible users in the U.S. (excluding New York) and select international markets.

bitcoinist14h ago

Coinbase And Ethena Launch High Yield USDC Vault Powered By Morpho

bitcoinist14h ago

Trading

Spot

Futures