Experts are urging Web3 users to avoid interacting with front-end interfaces of decentralized finance (DeFi) protocols, as many websites may be vulnerable to DNS attacks due to domain name migrations related to website hosting company Squarespace’s acquisition of Google’s domain business, The Defiant reported.

The front-end domains of DeFi protocols Compound Finance, Pendle Finance, and cross-chain protocol Celer Network were targeted due to a domain migration that disabled two-factor authentication (2FA) for sites previously managed by Google. These three protocols have each stated on the X platform that their domains are secure.

Bobby Ong, co-founder of cryptocurrency information platform CoinGecko, said:

"There is an ongoing DNS attack affecting Squarespace domain registrants. The best course of action is to not interact with cryptocurrencies and take a break for a few days until everything is resolved."

0xngmi, the founder of blockchain data platform DeFi Llama, shared a list of more than 120 DeFi domains that may be vulnerable to attack, writing: “This is a list of all domains that share this registrant, so they may be at risk of being hacked. Risk of customer attack.”

compiled a (partial) list of domains connected to square space that would be at risk of being hacked rn, i'd avoid them for now https://t.co/Cih5YTgFL9

— 0xngmi (@0xngmi) July 11, 2024

The front-end user interface (UI) lets users interact with a DeFi protocol through a typical graphical user interface (GUI) hosted on a web domain. Although DeFi projects' front ends may be vulnerable to attack, the incident did not affect the underlying Web3 backend protocols, which handle server-side operations, databases, and application logic.

Domain migration

Google sold its domain business to Squarespace in June 2023. However, it was not until two days ago, on July 10, that the websites in question were migrated from Google to Squarespace.

Domain owners appear to have been unaware that two-factor authentication would be disabled during the migration, leaving many domains open to potential DNS attacks. Attackers were able to redirect the DNS records of popular DeFi front-end websites to malicious addresses for hosted wallet attacks and phishing attacks.

"Based on initial assessment, the attackers appear to be operating by hijacking DNS records for projects hosted on SquareSpace," Web3 security firm Blockaid wrote on X. "The attackers are using drainer tools associated with the latest iteration of the Inferno drainer group."

Inferno Drainer is designed to trick unsuspecting users into approving malicious transactions, transferring the victim's funds to the hacker's wallet. Explaining the incident, Pendle wrote:

“Our bots detected that a new malicious DNS record was added, redirecting Pendle’s dApp (decentralized application) to a malicious website.”

Post Mortem

For context – Squarespace purchased all domain registrations and related customer accounts from Google Domains in June 2023, which forced the migration of domains. Recently, attackers exploited a vulnerability in Squarespace, hijacking domains hosted on their… https://t.co/0lgcvzss2r

— Pendle (@pendle_fi) July 12, 2024
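
Pendle's account of bots catching a newly added DNS record amounts to comparing live records against a known-good baseline. The following is an added example, not Pendle's code or part of the original report, showing that comparison in Python; the `diff_zone` helper, record names and addresses are constructed for illustration, and collecting the live snapshot (resolver query or registrar API) is assumed to happen elsewhere.

```python
# Added example: compare an observed DNS snapshot against a pinned baseline.
# All names and addresses are constructed (reserved documentation ranges).
from typing import Dict, List, Set, Tuple

Zone = Dict[Tuple[str, str], Set[str]]   # (owner name, record type) -> values
HIGH_RISK = {"A", "AAAA", "CNAME", "NS"}  # a change here can move visitors to another host
HOST_VALUED = {"CNAME", "NS"}             # values are hostnames, so case-insensitive

def norm(zone: Zone) -> Zone:
    """Canonicalise names (and hostname values) so equal records compare equal."""
    out: Zone = {}
    for (name, rtype), values in zone.items():
        rtype = rtype.upper()
        if rtype in HOST_VALUED:
            values = {v.lower().rstrip(".") for v in values}
        out.setdefault((name.lower().rstrip("."), rtype), set()).update(values)
    return out

def diff_zone(baseline: Zone, observed: Zone) -> List[dict]:
    """Return one finding per value added to or removed from the baseline."""
    base, obs = norm(baseline), norm(observed)
    findings = []
    for key in sorted(set(base) | set(obs)):
        before, after = base.get(key, set()), obs.get(key, set())
        for change, values in (("added", after - before), ("removed", before - after)):
            for value in sorted(values):
                findings.append({
                    "name": key[0], "type": key[1], "change": change, "value": value,
                    "severity": "high" if key[1] in HIGH_RISK else "review",
                })
    return findings

BASELINE: Zone = {
    ("app.example.org", "A"): {"192.0.2.10"},
    ("example.org", "NS"): {"ns1.example.net.", "ns2.example.net."},
    ("example.org", "TXT"): {"v=spf1 -all"},
}
# Constructed snapshot after a hijack-style change: the app's A record points
# elsewhere and one nameserver was swapped. Case and trailing dots differ on purpose.
OBSERVED: Zone = {
    ("APP.example.org.", "a"): {"198.51.100.77"},
    ("example.org", "NS"): {"ns1.example.net", "ns9.example.com"},
    ("example.org", "TXT"): {"v=spf1 -all"},
}

if __name__ == "__main__":
    for f in diff_zone(BASELINE, OBSERVED):
        print(f"[{f['severity']}] {f['change']:7} {f['name']} {f['type']} {f['value']}")
```

Any `high` finding on a front-end hostname or on the zone's nameservers is the kind of change that warrants paging someone before users reach the site.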
