On July 11, a sophisticated domain registry attack compromised multiple decentralized finance (DeFi) applications, redirecting users to malicious websites. Several protocols have issued warnings to their users regarding the attack.
Blockchain security platform Blockaid identified that the attacker exploited domain names provided by Squarespace, a popular website-building service. This breach affected prominent DeFi protocols, including Compound Finance, and potentially endangered many other applications within the ecosystem.
The attackers manipulated the domain name system (DNS) entries, effectively intercepting users attempting to access legitimate DeFi platforms and directing them to phishing sites designed to steal sensitive information and funds.
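The defensive counterpart to this kind of record tampering is the sort of continuous DNS monitoring Celer describes further down: keep a baseline of the records you expect for each domain, re-resolve them on a schedule, and alert on any drift. The script below is an added illustration, not code from Blockaid, Celer or any affected protocol; the domain names, IP addresses and the "hijacked" answers are constructed sample data, and the optional live resolver assumes the dnspython package.

```python
"""Baseline DNS monitor: flag domains whose records no longer match a known-good set."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# A resolver maps (name, record type) to the set of record values currently served.
Resolver = Callable[[str, str], Set[str]]


@dataclass
class Alert:
    name: str
    rtype: str
    expected: Set[str]
    observed: Set[str]


def check_domains(baseline: Dict[str, Dict[str, Set[str]]], resolve: Resolver) -> List[Alert]:
    """Compare every baselined record against what the resolver returns now."""
    alerts: List[Alert] = []
    for name, records in baseline.items():
        for rtype, expected in records.items():
            try:
                observed = resolve(name, rtype)
            except Exception as exc:  # a lookup failure is itself worth an alert
                observed = {f"ERROR: {exc}"}
            if observed != expected:
                alerts.append(Alert(name, rtype, expected, observed))
    return alerts


# Constructed baseline (hypothetical names in the reserved .test TLD and documentation IP ranges).
BASELINE = {
    "app.example.test": {"A": {"192.0.2.10"}, "NS": {"ns1.example.test.", "ns2.example.test."}},
    "bridge.example.test": {"A": {"192.0.2.20"}},
}

# Constructed answers simulating a hijack: the A record of one domain now points elsewhere.
HIJACKED_ANSWERS = {
    ("app.example.test", "A"): {"203.0.113.66"},
    ("app.example.test", "NS"): {"ns1.example.test.", "ns2.example.test."},
    ("bridge.example.test", "A"): {"192.0.2.20"},
}


def fake_resolver(name: str, rtype: str) -> Set[str]:
    """Offline resolver used by the demo; returns the constructed answers above."""
    return HIJACKED_ANSWERS[(name, rtype)]


def live_resolver(name: str, rtype: str) -> Set[str]:
    """Real lookups via dnspython (assumed installed); swap in for fake_resolver in production."""
    import dns.resolver
    return {r.to_text() for r in dns.resolver.resolve(name, rtype)}


if __name__ == "__main__":
    for a in check_domains(BASELINE, fake_resolver):
        print(f"ALERT {a.name} {a.rtype}: expected {sorted(a.expected)}, observed {sorted(a.observed)}")
```

Running the check on a schedule against both the authoritative nameservers and a public resolver also surfaces the case where only one side has been altered.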
From initial assessment, it appears that the attackers are operating by hijacking DNS records of projects hosted on SquareSpace.
For instance, here’s the DNS history of compound.finance – we can see that earlier today, the DNS was hijacked to point to a new IP address: pic.twitter.com/y7iSBw1aAJ
— Blockaid (@blockaid_) July 11, 2024
The attack was first detected when users attempting to access Compound Finance’s interface at compound.finance were redirected to a malicious website. This fraudulent site contained a drainer app designed to steal users’ tokens.
Concurrently, Celer Network’s domain was also targeted, but its monitoring systems successfully intercepted the takeover attempt before it could succeed.
At 1:38 p.m. UTC, Celer Network alerted the crypto community about the DNS attack.
✅Thanks to our 24/7 domain security monitoring, an attempted takeover of Celer domains was successfully intercepted. All DNS records have been recovered. Our ongoing investigation indicates
Read more on cryptonews.com