The world of DeFi (Decentralized Finance) was shocked by cyber attacks that threatened more than 100 protocols. This incident involved a domain registry attack that redirected users to a malicious website, potentially stealing sensitive information and funds from unwary users.
Chronology of Attacks
According to a report from Blockaid, attackers exploited a weakness in Squarespace's website creation service. They manipulated the DNS (Domain Name System) of several leading DeFi sites, including Compound Finance and Celer Network. For example, users trying to access the Compound Finance interface in the compound.finance domain were redirected to a fake website with a drainer application designed to steal user tokens.
In this event, several platforms such as Celer Network managed to prevent losses by detecting and stopping the attack before it had further impact. However, this threat remains a cause for concern for the DeFi ecosystem as a whole.
Response and Security Measures
Pendle Finance, one of the affected platforms, immediately took down their page and warned users not to use the app until the situation is under control. Compound Finance also confirmed that their domain had been compromised. Additionally, MetaMask, a leading Web3 wallet provider, added a warning for users who try to transact on sites that are indicated to be infected.
This attack highlights the importance of a strong security system in the DeFi space. Users are advised to exercise caution and always double-check website addresses before interacting with dapps or other financial services.
Recommendations and Safe Measures
DeFi users are advised to avoid interacting with applications or services hosted on Squarespace domains until further notice. Additionally, maintaining personal security by using two-factor authentication (2FA) and avoiding clicking suspicious links can help prevent potential loss of funds.
DYOR (Do Your Own Research): Always conduct thorough research before investing in or interacting with a DeFi platform. The information presented here is for informational purposes only and does not constitute financial advice. Risk is always present in investing, and the final decision is yours.