Decentralized finance giant Compound Finance's frontend was compromised earlier on Thursday and now hosts a phishing site, developers said in an X post.

Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. These are a major concern across the cryptocurrency market, with over $104 million stolen from unsuspecting users in the first two months of 2024 alone.

The compound(.)finance site leads to the "compound-finance.app" as of European morning hours Thursday.

Security researcher Michael Lewellen noted that the latter is a draining tool that will empty funds if a user interacts with it. As such, the actual Compound protocol remains unaffected, and all existing user deposits are safe.

ALERT: The https://t.co/vSAGYl6wwJ URL has been compromised and is currently hosting a phishing site. DO NOT interact with the https://t.co/vSAGYl6wwJ website until further notice.The Compound protocol itself is not impacted and all smart contract funds are safe.

— Michael Lewellen (@LewellenMichael) July 11, 2024

Compound allows users to deposit, lend and borrow tokens using the Ethereum blockchain. It holds over $2.3 billion worth of assets as of Thursday, making it one of the biggest DeFi services in the industry.

Compound's COMP token prices were little changed in the past 24 hours, CoinGecko data shows.