Celer Network successfully intercepted an attempted takeover of its website on Thursday, potentially safeguarding 128 Web3 projects.
The attack stemmed from suspected vulnerabilities at the domain hosting firm Squarespace. Early reports indicated that issues with Squarespace’s domain registrar services might have facilitated the attack.
Thanks to our 24/7 domain security monitoring, an attempted takeover of Celer domains was successfully intercepted. All DNS records have been recovered. Our ongoing investigation indicates that the attack vector likely involved third parties beyond our control. The Celer…
— CelerNetwork (@CelerNetwork) July 11, 2024
The compromised websites raised alarms in the crypto community, with major platforms like Compound Finance issuing warnings. “Users should not access our front-end website due to redirection to a phishing site,” Compound Finance advised, emphasizing the seriousness of the threat.
Widespread Concerns and Responses
Phishing schemes in crypto often involve high-profile social media account takeovers, leading users to malicious wallet links. Direct attacks on protocol websites are less common but can have devastating effects.
Michael Lewellen, a security advisor for Compound DAO and developer at audit firm OpenZeppelin, advised the community to be vigilant. He warned against using Compound’s website, stressing the potential risks involved. Similarly, Celer Network issued an alert about a “DNS domain attack” affecting multiple projects simultaneously, although this message was later deleted.
DeFiLlama developer 0xngmi revealed that 128 protocols’ front-end websites were at risk, including well-known applications such as Pendle Finance, dYdX, Thorchain, and Axelar. While these sites were not compromised, their use of Squarespace made them vulnerable.
Potential Cause and Squarespace’s Role
The suspected vulnerabilities appear linked to Squarespace’s recent acquisition of Google Domains. During the transition, several web pages allegedly lost their two-factor authentication, exposing them to exploitation.
Web3 security firm Blockaid and researcher Samczsun suggested that attackers hijacked the DNS records, redirecting them to a compromised IP address. The attackers utilized a known “drainer kit” associated with Inferno Drainer, a group notorious for wallet-draining activities. Inferno Drainer has reportedly stolen over $180 million from 189,000 victims since August 2023.
Limited Success and Immediate Actions
Thursday’s attack was less successful compared to previous exploits. One address linked to the malicious site held less than $1,400 in altcoins, while a second address contained more than $142,000 worth of ETH.
Several wallets, including MetaMask, Coinbase Wallet, and Zerion, have blocked these addresses to prevent further losses. Despite these measures, the exact origin of the attack remains unclear. Whether a Squarespace employee was involved or the attackers found another way to access the accounts.
Axelar posted on social media site X that “no issue has been identified with any Axelar website” and confirmed that its teams were “continuing to monitor the situation closely.” This reflects the proactive steps the affected projects take to mitigate risks.
Industry-Wide Implications and Future Measures
The crypto industry has witnessed similar attacks on other DeFi platforms, including Curve Finance, Frax, and Pancake Swap. These incidents underscore the space’s ongoing security challenges.
At least one Web3 project, Aloe Labs, announced plans to move to a new domain name provider in response to the attack. This shift highlights the need for enhanced security measures and vigilant monitoring to protect against such threats.
The post Celer Network Blocks Hack as Compound Warns of Phishing appeared first on Coinfomania.
