An attempted DNS attack that is said to have endangered 128 Web3 projects is thwarted by Celer Network

  • Compound Finance alerts users about a phishing website after Celer Network stopped a takeover of its website.
  • Breaches are connected to the removal of two-factor authentication and Squarespace’s purchase of Google Domains.
  • The attack on Thursday was less successful; not much money was taken, and the perpetrators were blocked by wallets.

One of the two Web3 businesses with compromised websites, Celer Network, claims to have stopped an attempt to take over its website. Compound Finance is still advising users not to visit its front-end website, as it has been redirected to a fraudulent phishing domain.

In the crypto world, phishing scams are frequent. Occasionally, prominent figures in the sector or celebrities have their social media accounts hijacked, and some people receive links to malfunctioning wallets. Attacks on protocol websites are less frequent, although they still occur.

Michael Lewellen, a developer at OpenZeppelin and a security advisor for Compound DAO, stated on X that everyone should be extremely cautious and steer clear of the $2 billion decentralized lending protocol’s website. Four hours later, Celer posted a similar warning that has since been removed.

The initial notification alerted recipients to a DNS domain attack that was simultaneously affecting several projects.

According to DeFiLlama developer 0xngmi, the front-end websites of at least 128 protocols, including well-known projects like Pendle Finance, dYdX, Thorchain, and Axelar, are allegedly also vulnerable. He explained that although these websites are not compromised, they are vulnerable due to their use of Squarespace.

Axelar, for its part, stated on social media site X on Thursday morning that its staff are still actively monitoring the situation and that no problems have been found with any of the Axelar websites.

Squarespace has not sent an alert indicating that it is looking into any compromised systems, nor has it acknowledged the attacks. Two weeks have passed since the last update on its status page, which mentioned a difficulty with domain reselling.

Squarespace vulnerabilities may have contributed to the breach

Anonymous researcher Samczsun and Web3 security company Blockaid both proposed that Squarespace, the domain registrar that recently purchased Google Domains, is the source of the problem. A number of websites reportedly lost their two-factor authentication during the move, making them vulnerable to hacking.

Based on web data, it seems that hackers took control of the projects’ DNS records and pointed them to a new, hacked IP address.

Blockaid claims that the attackers make use of a well-known drainer kit linked to the wallet-stealing organization Inferno Drainer. Since its launch in August 2023, Inferno has taken at least $180 million in cryptocurrency from over 189,000 victims, according to data from Dune Analytics.

The trick on Thursday, though, seems to have worked less well. There are less than 1,400 cryptocurrencies in an address connected to the rogue website. Over $142,000 worth of Ethereum is held in a second address that has been active for almost a year.

The addresses have already been blacklisted by a number of wallets, including Zerion, Coinbase Wallet, and MetaMask.

The origin of the attack, whether a Squarespace employee is to blame or was socially engineered, and whether or not attackers were able to gain access to the protocol’s accounts are all unknown at this time. The protocols themselves were not jeopardized.

Attackers have used similar techniques against a number of different DeFi platforms over time, such as PancakeSwap, Curve Finance, and Frax.

Aloe Labs, one of the Web3 projects, announced that it will be switching to a new domain name supplier.


Author: Puskar Pande
