DeFi apps on Squarespace are vulnerable to a DNS hijacking attack that redirects users to malicious sites. Over 120 DeFi protocols are potentially vulnerable, including Compound and Celer Network. Learn more about the DeFi security risk and how to protect yourself.
DeFi (Decentralized Finance) has emerged as a revolutionary force in the financial world. By leveraging blockchain technology, DeFi applications aim to empower users with more control over their finances with no interference from intermediaries. However, a recent security breach has exposed a vulnerability in DeFi apps hosted on Squarespace, a popular website-building platform.
The attack involved hackers hijacking the Domain Name System (DNS) records of DeFi applications. DNS acts as the phonebook of the internet, translating human-readable domain names into numerical IP addresses that computers can understand.
This domain registry attack, which occurred on July 11, 2024, potentially affected around 128 DeFi protocols. Oxngmi, a developer at the blockchain analytics platform DefiLlama, shared what they described as a “List of domains that are registered with Squarespace and thus could be vulnerable.”
According to an investigation by blockchain security platform Blockaid, the attacker took control of the DNS registry for Compound Finance and attempted to take control of Celer Network’s registry. By compromising the DNS records, the attacker could redirect visitors of the legitimate DeFi platforms to phishing sites built to steal sensitive information and funds.
❗️This incident is still ongoing – we are seeing new malicious sites impersonating additional brands being created by the same attackers.
We urge projects to double check their domain security settings – feel free to reach out by DM for additional security guidance. https://t.co/B2L7JRpzCR
The attack was detected after users noted that Compound’s interface led to a malicious website featuring a token-draining application, and Celer Network confirmed an attempted domain takeover, which its monitoring system successfully thwarted. Both acknowledged the attack in separate statements.
Further probing revealed that the attacker is specifically targeting Squarespace domain names, which puts every DeFi app with a Squarespace domain at risk.
In response to the attack, MetaMask, a popular Web3 wallet, has implemented a warning system to flag potentially compromised DeFi apps. This additional layer of security aims to protect users from unknowingly interacting with malicious websites.
While the exact methods employed by the attackers remain under investigation, it is speculated that the attack vector likely originated from Google domain accounts used by these protocols. For context, Squarespace acquired around 10 million domains hosted on Google Domains for $180 million in 2023. This acquisition could have provided attackers with a potential foothold to gain access to sensitive DNS information.
The DeFi space is still in its early stages, and security remains a significant concern. In December 2023, an attacker injected malicious code into the Ledger Connect library, affecting the Ethereum Virtual Machine ecosystem.
These incidents highlight the need for DeFi developers to prioritize robust security measures and for users to exercise caution when interacting with DeFi apps, especially those built on less rigorous security practices.
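The article does not describe how Celer Network's monitoring works. The following is an added example, not code from any of the projects named here, of one way to catch the kind of DNS record change described above: pin a known-good set of records and flag any drift. The domain, name servers and addresses are constructed sample data, and the live lookup that would produce the observed snapshot is assumed to happen elsewhere.

```python
# Added example: compare an observed DNS snapshot with a pinned baseline.
# All domains, name servers and addresses below are constructed sample data.
from dataclasses import dataclass

# Record types whose change can redirect users or hand over the zone.
CRITICAL = {"NS", "A", "AAAA", "CNAME"}
# Record types whose values are host names (case-insensitive, optional trailing dot).
HOSTNAME_TYPES = {"NS", "CNAME"}

@dataclass(frozen=True)
class Drift:
    domain: str
    rtype: str
    added: frozenset    # values seen now but not in the baseline
    removed: frozenset  # baseline values that are no longer served
    critical: bool

def normalise(rtype, values):
    """Canonicalise values so 'NS1.Example.' and 'ns1.example' compare equal."""
    if rtype in HOSTNAME_TYPES:
        return frozenset(v.strip().lower().rstrip(".") for v in values)
    return frozenset(v.strip() for v in values)

def diff_records(baseline, observed):
    """Return a Drift for every record set that differs from the baseline.

    Both arguments map domain -> {record type -> iterable of values}.
    A domain or record type missing from `observed` counts as removed.
    """
    drifts = []
    for domain, pinned in sorted(baseline.items()):
        seen = observed.get(domain, {})
        for rtype in sorted(set(pinned) | set(seen)):
            want = normalise(rtype, pinned.get(rtype, ()))
            got = normalise(rtype, seen.get(rtype, ()))
            if want != got:
                drifts.append(Drift(domain, rtype, got - want, want - got,
                                    rtype in CRITICAL))
    return drifts

BASELINE = {"app.example": {"NS": ["ns1.dns.example.", "ns2.dns.example."],
                            "A": ["192.0.2.10"], "TXT": ["v=spf1 -all"]}}
# Constructed snapshot: NS differs only in case and trailing dot, A was changed.
OBSERVED = {"app.example": {"NS": ["NS1.dns.example", "ns2.dns.example"],
                            "A": ["203.0.113.66"], "TXT": ["v=spf1 -all"]}}

if __name__ == "__main__":
    for d in diff_records(BASELINE, OBSERVED):
        level = "CRITICAL" if d.critical else "notice"
        print(f"[{level}] {d.domain} {d.rtype}: +{sorted(d.added)} -{sorted(d.removed)}")
```
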
Hackread.com is among the registered trademarks of Gray Dot Media Group Ltd. Company registration number 12903776 in regulation with the United Kingdom Companies House. The registered address is 85 Great Portland Street, London, England, W1W 7LT. The display of third-party trademarks and trade names on the site does not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.