DeFi
DeFi protocols compromised as many domains come under DNS siege
At least two DeFi protocols have reported compromised domains in an apparent hacking campaign targeting crypto websites.
On Thursday, Celer Network and Compound Finance alerted the crypto community about an ongoing attack on their domain addresses. “We are investigating a potential DNS domain attack that appears to be affecting multiple projects at once,” Celer’s advisory reads.
🚨 URGENT: Compound Labs website[.](finance) has been compromised.
Please do not visit the website or click on any links until further notice. An update will be provided as soon as it is available.
This is our last message // end of tweet. 🚨
— Compound Laboratories (@compoundfinance) July 11, 2024
A Domain Name System (DNS) is a system that focuses on the stability of the DNS service to take control of a website and potentially redirect traffic to phishing hotspots.
Security experts have said that several decentralized finance protocols could be under siege by malicious actors looking to steal funds. Some 11 platforms, including Pendle Finance, Polymarket, and THORChain, have been named as potential targets. A partial list of websites at risk of being hacked can be found here here.
According to Paradigm research samczsunThe hack likely originated from Google Domain accounts used by these protocols. Squarespace acquired Google Domains last year in a $180 million deal, and all websites associated with the company are currently under surveillance.
At press time, neither Celer Network nor Compound Finance have revealed that the threat has been mitigated. In the meantime, users are advised to avoid interacting with DeFi dapps until further notice. Additionally, no funds have been reported as stolen due to the DNS attack.
This case underscores the need for defensive vigilance as hackers seek to compromise Web3 solutions via their Web2 connections. Last September, automated market maker Libra suffered a frontal attack. Before that, a bug in a code compiler used by Curve Financing allowed bad actors to siphon off over $70 million in crypto and exploit multiple protocols.
Since then, white hat security experts have joined forces to mitigate the growing threat in the cryptocurrency and Web3 space. Initiatives such as the Telegram First Aid Bot SEAL 911 And safety tips Industry leaders like Coinbase have emerged to combat this problem.