Hacker News

DNS was not attacked in this case; the IP addresses themselves were redirected through BGP. It would protect against BGP hijacks of the DNS server, but that wasn't what happened here.

There are ways to protect against such attacks (RPKI for BGP routers, DNSSEC + DANE or HPKP for servers) but none of those are available in most modern browsers.

I'm a strong proponent of DNSSEC, but it can't solve _all_ problems. Only with DANE would it benefit the situation.



If the target (a crypto wallet website) has both DNS authoritative with DNSSEC and the website, you should be able to detect a change in signing as being invalid.

Key thing is though that the authoritative DNS server must also reside on the web server.

And gotta turn that DNS cache off or keep TTL short.


No. DNS was not affected by the attack. DNSSEC verifies that the contents of the DNS responses were not altered or spoofed. During this attack, the DNS records were left alone. The DNS response returned the real IP addresses in response to queries and the DNSSEC signature would still be valid.

The IP addresses themselves were hijacked. DNS has no authority over IP addresses so DNSSEC would be pointless.


No DNS records were changed. They literally tricked IP routes so users received traffic from malicious servers.

Nothing to do with DNS, which translates names to IPs.



