DeFi Under Siege: Domain Registry Attack Wreaks Havoc on Squarespace-Hosted Apps
On July 11, a sophisticated attack on domain registrars disrupted numerous decentralized finance (DeFi) applications. Large numbers of users were redirected to malicious websites, causing alarm among both users and DeFi protocol developers.
Blockchain security platform Blockaid determined that the attackers compromised domains hosted through the popular website-building service Squarespace. Notable affected protocols included Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains.
The attack was executed through the manipulation of Domain Name System (DNS) records, allowing the perpetrators to redirect users to phishing sites to steal their data and funds.
The first signs of the attack appeared when users attempting to access Compound Finance via “compound[.]finance” were redirected to a fraudulent token-stealing application. Simultaneously, the Celer Network was also targeted, but its monitoring system managed to thwart the takeover attempt.
Representatives of Celer Network swiftly informed the crypto community about the attack, and shortly thereafter, Blockaid specialists confirmed that numerous DeFi interfaces were at risk. The attacks were attributed to compromised DNS records on projects hosted via Squarespace.
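The detection that saved Celer Network, a monitor that notices when a zone's records drift from a known-good baseline, can be written as follows. This is an added example, not code from the article or from any of the projects named; the zone name, name servers and addresses are constructed documentation values, and a real monitor would fill the "observed" snapshots from a resolver instead.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DnsSnapshot:
    """Records that matter for a web front end: zone delegation and apex address."""
    ns: frozenset  # authoritative name servers reported for the zone
    a: frozenset   # IPv4 addresses the site name resolves to

EMPTY = DnsSnapshot(frozenset(), frozenset())

def diff_records(baseline: DnsSnapshot, observed: DnsSnapshot) -> list:
    """Compare a fresh lookup against a known-good baseline and return alerts.

    A changed delegation or a changed address is what sent users of the
    hijacked front ends to phishing hosts, so both are rated critical. An empty
    observation is more likely a lookup failure than a hijack, so it is only a
    warning (re-query before acting on it).
    """
    if observed == EMPTY:
        return ["WARNING no records observed; treat as lookup failure and retry"]
    alerts = []
    if observed.ns != baseline.ns:
        alerts.append(f"CRITICAL NS delegation changed: "
                      f"{sorted(baseline.ns)} -> {sorted(observed.ns)}")
    added, removed = observed.a - baseline.a, baseline.a - observed.a
    if added or removed:
        alerts.append(f"CRITICAL A records changed: "
                      f"added {sorted(added)}, removed {sorted(removed)}")
    return alerts

def check_zones(baselines: dict, observations: dict) -> dict:
    """Run the comparison over many front ends; zones with no alerts are omitted."""
    report = {}
    for zone, base in baselines.items():
        alerts = diff_records(base, observations.get(zone, EMPTY))
        if alerts:
            report[zone] = alerts
    return report

# Constructed sample data: documentation-only names and addresses, not real records.
BASELINES = {"app.example-defi.invalid": DnsSnapshot(
    ns=frozenset({"ns1.example.net", "ns2.example.net"}),
    a=frozenset({"198.51.100.10", "198.51.100.11"}))}
OBSERVED_HIJACKED = {"app.example-defi.invalid": DnsSnapshot(
    ns=frozenset({"ns1.example.org"}),   # delegation moved to a different operator
    a=frozenset({"203.0.113.7"}))}       # name now resolves to a phishing host

if __name__ == "__main__":
    for zone, alerts in check_zones(BASELINES, OBSERVED_HIJACKED).items():
        print(zone, *alerts, sep="\n  ")
```

Running the comparison on a schedule and paging on any CRITICAL line gives a project the same early warning that let Celer Network's team react before the takeover completed.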
Later, a developer from DefiLlama, known as 0xngmi, published a list of over a hundred potentially affected DeFi protocols, including Pendle Finance, Axelar, Vertex Protocol, PolyMarket, Karak Network, Hyper Liquid, Thorchain, Hop, dYdX, Satoshi Protocol, Nirvana, and LooksRare.
Pendle Finance confirmed the breach and temporarily disabled its website. Users were advised to refrain from using the project's own application, although the company assured that all funds were secure.
MetaMask, a leading Web3 wallet provider, also responded by implementing warnings for users attempting to interact with compromised sites. These measures aimed to mitigate the risk of token theft.
Until further notice from the administrators of the affected platforms, users are advised to avoid any interactions with DeFi applications hosted on Squarespace domains. This precaution is essential to prevent potential token theft.
This unexpected and high-profile attack on DeFi applications through DNS hijacking underscores the necessity for stronger security measures in the Web3 space. Even in decentralized finance, elements of conventional network infrastructure such as DNS and hosting providers remain critical points that malicious actors can exploit.