The Compound Finance website has apparently fallen victim to a hijacking incident, according to crypto investigator ZachXBT.
In a recent post on Telegram, ZachXBT informed the community about the compromised website, advising users to steer clear of it due to potential security risks.
The investigator revealed that the website has been redirecting users to a recently registered phishing site, raising concerns about the safety of personal data and funds.
Compound Finance Confirms Breach
Confirming the breach, a member of the Compound Finance team encouraged users to avoid interacting with the compromised website.
Michael Lewellen, a security adviser at the Compound Finance DAO, disclosed that the URL had been compromised and was currently hosting a phishing platform.
Lewellen cautioned users against engaging with the site but assured them that the protocol itself remained unaffected, with funds secured by the smart contracts.
ALERT: The https://t.co/vSAGYl6wwJ URL has been compromised and is currently hosting a phishing site. DO NOT interact with the https://t.co/vSAGYl6wwJ website until further notice.
The Compound protocol itself is not impacted and all smart contract funds are safe.
— Michael Lewellen (@LewellenMichael) July 11, 2024
Notably, this is not the first time Compound Finance has encountered such security breaches.
In 2023, the decentralized finance (DeFi) protocol’s official account, known as X, was hijacked by hackers who exploited the company’s social media platform to promote a phishing website.
The compromised account posted an advertisement offering free crypto tokens and directed users to click on a link that impersonated the official site.
However, the scam was swiftly identified and flagged by vigilant users.
Cybersecurity blogger Officer’s Notes and blockchain security platform Scam Sniffer both confirmed that the compromised account had been sharing phishing links.
Earlier this year, on April 4, Ronghui Gu, the CEO co-founder of CertiK, urged the crypto community to proactively prepare for security attacks as the market continued to expand.
At the time, he said there has been a concerning rise in phishing attacks within the crypto space, prompting the call for enhanced security practices.
In a recent report on July 3, the company noted that losses from crypto security incidents had amounted to $1.19 billion in the first half of 2024, with nearly $498 million attributed to phishing attacks.
Gu emphasized the importance of implementing multifactor authentication and adopting robust security measures to mitigate such risks.
Crypto Market Recovers Over Half of Stolen Funds in Q2
The cryptocurrency market has shown great resilience in the face of adversity, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024.
In Q2 2024, $347.4 million of the stolen crypto funds were successfully recovered or frozen out of the total $512.9 million lost, according to Hacken’s Web3 Security Report Q2 2024.
“For the second consecutive quarter, the silver lining amid the alarming rate of theft in crypto is the amount of funds recovered,” the report wrote.
It is worth noting that cryptocurrency scams have thrived on X, with analysts attributing a significant portion of all crypto scams to scammers on the platform.
Scam Sniffer, a web3 anti-scam company present on X, conducted an analysis revealing that nearly $50 million is lost each month due to account impersonation on X.com.
Just recently, Binance co-founder Yi He raised concerns about the proliferation of cryptocurrency scams on X, questioning whether Musk would take action to tackle the issue.
