DeFi

“Do Not Visit”: DeFi Protocols Compound and Celer Hit by Wallet Drain Attacks

Published

7 months ago

on

The websites of Ethereum-DeFi protocol based on Compound and multi-chain interoperability protocol Celer Network have both been compromised, with their respective interfaces currently redirecting visitors to a page that drains funds from connected wallets.

Compound is a Decentralized Finance (DeFi) protocol that allows users to borrow cryptocurrencies and grant loans by locking up their assets. Pseudonymous on-chain detective ZachXBT first reported the apparent attack via its Telegram channel, warning of a “potential” hijacking.

An hour later, the Web3 security tool Harpy reinforced this claim, saying that the site now redirects to a page that drains connecting walletsCompound eventually confirmed the attack itself, saying its website had been compromised.

“Please do not visit the website or click on any links until further notice,” Compound wrote.

The extent of the security breach is currently unknown. Compound has not yet confirmed how it occurred or whether anything other than its website was affected. Michael Lewellensecurity solutions architect at OpenZeppelin, a smart contract auditing company, wrote that he believes the protocol itself is unaffected, meaning “all funds in smart contracts are safe.”

Shortly after, the interoperability protocol Celer Network also suffered a “DNS domain attack” which The project claims “Target multiple projects at once”. Again, the URL redirects to a drain page.

Decrypt reached out to Compound and Celer for comment, but did not immediately receive a response from either project.

“Celer and Compound domains have just been hacked,” pseudonym Lama DeFi Founder 0xngmi wrote on Twitter: “The main suspect is that something is going on in their registrar: Squarespace.”

Squarespace is a popular website building and hosting site that many businesses use, including crypto projects like PolymarketdYdX and Karak Network, according to a list created by 0xngmi. Neither project has made any public comment.

Edited by Andre Hayward

Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version