Targeting various distributed finance (DeFi) applications, a domain registry hack of great sophistication on July 11 caused illegal user redirections to dangerous websites.
Affecting major DeFi protocols such Compound Finance and posing a threat to many others within the ecosystem, the hack mostly uses domain names hosted by Squarespace, a widely used website-building platform.
DNS Entries Altered by Attackers
The attackers changed the DNS entries, therefore sending customers seeking access to authorized DeFi systems to phishing websites meant to gather private information and assets instead of the other way around.
Users attempting to use the Compound Finance interface at compound.finance were sent to a phoney website loaded with a drainer program meant for token syphoning first revealed the problem.
compiled a (partial) list of domains connected to square space that would be at risk of being hacked rn, i'd avoid them for nowhttps://t.co/Cih5YTgFL9
— 0xngmi (@0xngmi) July 11, 2024
Celer Network’s domain was similarly attacked in a comparable event; but, its monitoring systems successfully stopped the attack before any damage could result.
Celer Network reported the DNS assault at 1:38 p.m. UTC; Blockaid, a blockchain security platform, had verified that the altered DNS records affected numerous DeFi front ends housed on Squarespace by 3:38 p.m. UTC.
These events have spurred a lot of debate on the security flaws of DeFi apps depending on conventional Web2 architecture. Security experts believe the attack started from Google domain accounts used by these DeFi platforms.
All linked sites are now under further scrutiny following Squarespace’s purchase of Google Domains for $180 million.
List of Potentially Impacted Protocols
Subsequently, 0xngmi, the creator of DefiLlama, compiled over 100 possibly impacted DeFi protocols. Notable names on this list included Pendle Finance, Axelar, Vertex Protocol, PolyMarket, Karak Network, Hyper Liquid, Thorchain, Hop, dYdX, Polymarket, Satoshi Protocol, Nirvana, and LooksRare.
Pendle Finance advised users not to use the app as its breach was proven and its page was briefly suspended to stop more usage. Its cash stayed safe.
While Celer managed to identify and stop the attack beforehand, Compound confirmed that their domain had been hacked leading to redirection to a fraudulent site.
Both Compound Finance and Celer recognized the DNS takeover. Both companies are still looking at the whole extent of the hack in spite of these measures.
Metamask Alert
Reacting, well-known Web3 wallet provider MetaMask has set alarms for consumers making transactions on hacked websites. This tool seeks to raise users’ awareness of possible threats therefore lowering their chance of token theft.
Moreover, the community is recommended to avoid any interaction with DeFi apps housed on Squarespace domains until the danger is totally neutralized to stop asset theft.
Ongoing Threats and Necessary Precautions
Neither Celer Network nor Compound Finance has acknowledged as the situation develops that the threat has been totally eliminated. Although there have not yet been any fund theft recorded, increased awareness is still rather important.
Emphasizing the crucial need of strong security mechanisms, this current episode fits a trend of growing risks in the Web3 area.
Previous events like the $70 million Curve Finance hack and the malicious code injection into the Ledger Connect library in December, impacting practically the whole Ethereum Virtual Machine ecosystem, demonstrate the continuous and changing character of these threats.
Discussed as possible ways to strengthen the crypto ecosystem against such vulnerabilities include initiatives like SEAL 911 Telegram bot and security councils with industry players like Coinbase.
The post DeFi Under Attack: Sophisticated Domain Hijacking Exposed appeared first on Coinfomania.
