Subdomain Takeover Proof of Concept - by Kresec
The subdomain governance.trustwallet.com
was vulnerable to Subdomain Takeover.
Impact
- Trusted domain can be abused for phishing or malicious campaigns with almost 0 effort.
- Inherited reputation & backlinks from high-authority websites (including Binance). https://ahrefs.com/backlink-checker/?input=governance.trustwallet.com
- Potential supply-chain attack vector for malicious JS, wallet drainer, or malware delivery.
- Can be used to harm users through fake governance/authentication pages.
- Chainable with other vulnerabilities such as origin trust bypass, weak CORS, OAuth redirect abuse, etc.