On Thursday, multiple DeFi protocols were targeted by a phishing attack, leading to the hijacking of domains associated with major projects like Compound. The attack aimed to redirect users to malicious websites designed to drain funds from their connected wallets. While Compound and other affected projects announced the situation was resolved, the full extent of the attack remains unclear.
Compound confirmed that its compound.finance website is secure again and urged users to restart their browsers and connect only to verified domains. The protocol itself was not compromised, and no smart contracts were affected. However, Compound advised users to revoke any approvals as a precautionary measure.
Celer Network also confirmed that it successfully intercepted an attempted takeover of its domains. Crypto security firm Blockaid reported that the attackers exploited DNS records of projects hosted on Squarespace. The firm linked the attack to the Inferno drainer group, known for its drainer kit.
Web3 domain provider Unstoppable Domains emphasized the vulnerability of domain registrars, noting that if compromised, website traffic could be redirected without permission. The initial list of potentially vulnerable domains included over 120 sites. So far this year, $921 million has been lost to crypto hacks and fraud, a 24% increase from the previous year.