On July 11, several decentralized finance (DeFi) applications were targeted by a domain registration attack, according to an X post from blockchain security platform Blockaid. The attacker took control of Compound Finance's DNS record and tried to take control of Celer Network's record but failed.

According to Blockaid's preliminary research, the attacker is targeting domains provided by Squarespace, potentially putting any DeFi application with Squarespace domains at risk.

Security researchers first became aware of an attack on the Compound interface, compound.finance. The malicious site was equipped with a drainer application that attempted to steal users' tokens.

Celer stated that the domain monitoring system detected the takeover and blocked it before it could succeed.

Blockaid announced that “numerous DeFi frontends are at risk of a hijack where several events have already occurred.” The security firm stated that it believes these attacks are rooted in Squarespace's domain registry.

0xngmi, developer of blockchain analytics platform DefiLlama, published the list of domains that may be affected by the attack. The list includes more than 100 DeFi protocols, including Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana, LooksRare and many others.

Web3 wallet MetaMask announced that it is trying to warn users about compromised applications that may be related to the attack.

Domain hijacking is one of several attacks against the Web3 industry in the last year. In December, an attacker injected malicious code into the Ledger Connect library, which most Web3 applications use for wallet connections, affecting almost the entire Ethereum Virtual Machine ecosystem.
