Chainalysis Hijacked DNS to compromise Monero nodes!
Ok here's the situation,
First, a video from Chainalysis leaked of them running malicious nodes to try to identify users/transactions
Then, the community noticed a particular domain in the video, and when they asked the owner, he said he had stopped paying for the VPS used in the video long ago. MoneroBull explained to me that they are using a DNS hijacking technique where:
a) The domain owner points their domain to a VPS
b) The domain owner stops paying the VPS and leaves.
c) Chainalysis rents that VPS and controls the domain, because the zone record isn't reflecting the change.
d) Then popular wallets have these nodes in their lists, and that's how Chainalysis gets "trusted" nodes.
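The weak link in steps a) to c) is a DNS record that keeps pointing at an IP address its owner no longer controls (a "dangling" record). The script below is an added example, not from the post or any of the linked sources: it parses a small constructed zone snippet, compares every A/AAAA record against a constructed inventory of IPs you still actually rent, and flags records (and CNAMEs that chain to them) that point somewhere you no longer own. Zone names, IPs and the `OWNED_IPS` set are all made up for the example; in practice the inventory would come from your hosting provider's API.

```python
"""Flag dangling DNS records: names that resolve to IPs you no longer control."""
import ipaddress
from dataclasses import dataclass

# Constructed sample zone (hypothetical names and addresses, not from the post).
ZONE_TEXT = """
$ORIGIN example.invalid.
node1   300  IN  A      203.0.113.10
node2   300  IN  A      203.0.113.11
www     300  IN  CNAME  node1.example.invalid.
old     300  IN  A      198.51.100.7
legacy  300  IN  CNAME  old.example.invalid.
"""

# Constructed inventory: addresses of VPSes you are currently paying for.
OWNED_IPS = {"203.0.113.10", "203.0.113.11"}

RECORD_TYPES = {"A", "AAAA", "CNAME", "NS", "MX", "TXT"}


@dataclass
class Record:
    name: str    # fully qualified, trailing dot
    rtype: str
    value: str


def parse_zone(text):
    """Parse a minimal BIND-style zone: '$ORIGIN' plus 'name [ttl] [class] type value' lines."""
    origin = ""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        parts = line.split()
        type_idx = next(i for i in range(1, len(parts)) if parts[i] in RECORD_TYPES)
        name = parts[0]
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"
        records.append(Record(name, parts[type_idx], " ".join(parts[type_idx + 1:])))
    return records


def find_dangling(records, owned_ips):
    """Return sorted names whose address records, directly or via CNAME, leave the owned set."""
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    addresses, cnames = {}, {}
    for r in records:
        if r.rtype in ("A", "AAAA"):
            addresses.setdefault(r.name, []).append(ipaddress.ip_address(r.value))
        elif r.rtype == "CNAME":
            cnames[r.name] = r.value

    # An address record is dangling if any of its IPs is outside what you still rent.
    dangling = {name for name, ips in addresses.items() if any(ip not in owned for ip in ips)}

    # A CNAME is dangling if its chain ends at a dangling name or at a name
    # absent from the zone (loop-bounded so a malformed zone cannot hang us).
    for name, target in cnames.items():
        seen, cur = set(), target
        while cur in cnames and cur not in seen:
            seen.add(cur)
            cur = cnames[cur]
        if cur in dangling or cur not in addresses:
            dangling.add(name)
    return sorted(dangling)


if __name__ == "__main__":
    for name in find_dangling(parse_zone(ZONE_TEXT), OWNED_IPS):
        print(f"DANGLING: {name}")
```

Running this against the sample zone reports `old.example.invalid.` (its IP is not in the inventory) and `legacy.example.invalid.` (a CNAME that chains to it); the two node records and `www` pass. Scheduling a check like this against a real zone and provider inventory catches the "stopped paying, forgot the record" situation before someone else rents the address.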
So what are the lessons learned? Well, for one, you can run your own node. And second, upgrades to Monero are coming, probably sooner rather than later now, including full-chain membership proofs, which treat the entire chain as possible decoys. This will hopefully be a huge step for everyone.
But in my subjective view, until both Nostr and Monero stop the reliance on government domains, we're gonna have issues.
Sources:
https://www.digilol.net/blog/chainanalysis-malicious-xmr.html
https://nitter.aosus.link/monerobull/status/1832807857332330843#m
https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/