Speaker
Description
Web3 entities, such as Ethereum Name Service (ENS), increasingly face threats originating
from the traditional DNS ecosystem. Threat actors exploit vulnerable Web2 domains to
target Web3 users and decentralized finance (DeFi) platforms, blurring the lines between
Web2 and Web3 DNS abuse landscapes.
This talk will recount real-world ENS war stories of battling such DNS abuses, focusing on:
• How ENS detected early-stage attacks in the DNS targeting Web3 entities and assets
• A deep dive into an extensive and malicious campaign unraveling over 2,500 Web2
domains weaponized to impersonate or defraud Web3 and other digital asset entities
• Technical countermeasures including DNS monitoring, response coordination, and
legal remedies — alongside the inherent limitations faced in these eVorts
• Why collaboration across registries, registrars, web3, and law enforcement is critical,
together with a proposal for the takedown of thousands of abusive domains
By bringing together lessons from the DNS abuse arena and Web3 defense strategies, this
session aims to underscore the interconnected security challenges and necessary
cooperative approaches in the evolving domain name landscape.
This proposal aligns with ongoing conversations about DNS abuse vectors and mitigations
documented in recent research and industry programs. It addresses the emerging
intersection of Web2 DNS infrastructure abuse and Web3 security, providing valuable
insights for both traditional DNS practitioners and the cryptographic naming community.
If you would like, I can assist further in fleshing out the talk outline or developing specific
technical and legal aspects for the presentation.
| Talk duration | 20 Minutes (+5 for Q&A) |
|---|
