At least two DeFi protocols have reported compromised domains in a recent hacking campaign targeting crypto websites.
On Thursday, Celer Network and Compound Finance alerted the crypto community to an ongoing attack on their domain addresses. βWe are investigating a potential DNS domain attack that seems to be hitting multiple projects at the same time,β the notice from Celer read.
π¨ URGENT: The Compound Labs website (compound[.]finance) has been compromised. Please do not visit the website or click any links until further notice. An update will be provided when available. This is our final message // end of tweet. π¨
A Domain Name System (DNS) attack involves stressing the stability of DNS service to gain control over a website and possibly redirect traffic to phishing hotspots.
Security experts indicated that multiple decentralized finance protocols might be under threat by actors aiming to steal funds. Some 11 platforms, including Pendle Finance, Polymarket, and THORChain, were named as potential targets.
The hack likely originated from Google Domain accounts used by these protocols. Squarespace acquired Google Domains last year in a $180 million deal, and all websites associated with the company are currently under scrutiny.
multiple crypto projects have had their domains mysteriously hijacked from their @squarespace account. consider transferring your domain to one of these instead: β @Cloudflare β @awscloud Route53 β @markmonitor β @CSCDBS
At press time, neither Celer Network nor Compound Finance disclosed that the threat had been mitigated. Users are advised to avoid interacting with DeFi dapps until further notice. Additionally, no funds had been reported stolen due to the DNS attack.
This situation highlights the need for defensive vigilance as hackers seek to compromise Web3 solutions via their Web2 connections. Last September, the automated market maker Balance experienced a front-end attack. Before that, a bug in a code compiler used by Curve Finance allowed bad actors to siphon over $70 million in crypto and exploit several protocols.
Since then, white-hat security experts have assembled efforts to mitigate the growing threat in crypto and Web3. Initiatives like the first-responder Telegram bot SEAL 911 and security councils featuring industry leaders have emerged to combat the issue.
Stay updated with the latest news on Global Crypto News.