Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

frontend dns hijackDemo

Jun 2, 2024 · $22M · frontend

Narrative

On 2024-06-02, Celsius (defunct) suffered a frontend dns hijack incident resulting in approximately $21,989,522 in losses. The exploit targeted the frontend layer. A flash loan was used to amplify the attack. Attribution: mev_searcher. This is a demonstration entry — not a real incident.

Classification

Root cause
frontend_dns_hijack
Secondary causes
Attack layer
frontend
Strategy
tech_vuln
Actor role
target
Attribution
mev_searcher
Attacker address
0x7f31655bde968b8a8cb52b266c266926d7310eff
Flash loan
yes
Audited at time
yes
Bounty at time
no

AADAPT mappings

DEMO:AADAPT.TA0001DEMO:AADAPT.TA0008DEMO:AADAPT.T1071.001DEMO:AADAPT.T1583.001

Evidence

Disclosure date
Jun 3, 2024
Funds recovered
Audit firms at time
Zellic, Cantina
Post-mortem URLs (synthetic)
  • https://medium.com/celsius-defunct/post-mortem-celsius-defunct-2024-06-02
  • https://rekt.news/celsius-defunct-rekt
  • https://blog.celsius-defunct.xyz/incident-report
tx hashes (1)
  • 0x2a21946c67bc3e79a7ceecdc4b5917bb92d08115030cc73043d3df9f041e636d