
Steakhouse Financial Confirms DNS Hijack, Says No User Funds Were Lost

Blockonomi | Brenda Mary
AI Summary

Steakhouse Financial experienced a DNS hijacking attack on March 30, 2026, after attackers socially engineered OVHcloud support staff to disable hardware 2FA on the company's account. A phishing site using an Inferno Drainer kit remained active for approximately four hours, but the company confirmed no user funds were compromised, partly due to ICANN's five-day domain transfer lock preventing the attacker from completing the hijack.

Analysis

The Steakhouse Financial DNS hijacking illustrates a critical vulnerability in the multi-factor authentication ecosystem: social engineering of third-party service providers. While the company employs hardware 2FA, attackers bypassed this protection by targeting OVHcloud support directly, gaining full account control within one hour. This represents a sophisticated supply-chain attack vector that hardware security keys alone cannot defend against.

DNS hijacking has become an increasingly common attack pattern in cryptocurrency services, where attackers redirect domain traffic to phishing sites to harvest private keys or seed phrases. The use of Inferno Drainer, a known credential-stealing toolkit, suggests this was a professional operation. The incident underscores why ICANN's five-day transfer lock exists as a critical safeguard: it gave Steakhouse Financial the time needed to detect the attack and cancel the unauthorized domain transfer before losing control permanently.

While Steakhouse Financial emphasizes no funds were lost, the reputational and operational damage from four hours of exposure to a phishing campaign remains significant. This incident highlights that DeFi and cryptocurrency platforms must implement additional protective layers beyond 2FA, including domain monitoring, social engineering awareness training for service providers, and rapid incident response protocols.

The broader implication for the industry is that exchanges and financial platforms should mandate stricter identity verification with hosting providers and consider DNS security measures like DNSSEC. This attack demonstrates that user fund security depends not just on a platform's internal safeguards, but on the security practices of every third party in the infrastructure chain.

Key Takeaways
  • Attackers used social engineering against OVHcloud support to disable hardware 2FA rather than bypassing it technically.
  • ICANN's five-day domain transfer lock proved essential in preventing permanent loss of domain control.
  • The Inferno Drainer phishing site remained active for four hours, highlighting the importance of rapid incident detection.
  • No user funds were compromised despite the DNS hijacking, suggesting Steakhouse Financial's operational security prevented direct asset theft.
  • Third-party service provider security is a critical vulnerability for cryptocurrency platforms, and one that organizations cannot fully control.