
Compound Finance and Celer Network websites compromised by front-end attacks

The websites of crypto lending platform Compound Finance and Celer Network have been attacked, redirecting users to a malicious phishing site, according to multiple security researchers.

Compound, one of the oldest decentralized finance (DeFi) applications, holds assets worth more than $2 billion, according to data from DeFiLlama. Celer’s cBridge allows users to send tokens between 14 blockchains and handled over $200 million in volume last month.

Michael Lewellen, Compound DAO Security Advisor, published a community alert via X (formerly Twitter), urging users to avoid the platform’s website. Compound Finance confirmed the attack 90 minutes later. The breach was highlighted earlier by ZachXBT via Telegram.

Celer Network alerted users four hours later to a similar attack that “appears to affect multiple projects at once,” said security researcher Samczsun, who suspects the breaches originate from Squarespace. 0xngmi of DeFiLlama compiled a list of other domains that may be at risk.

This type of attack, called a “front-end” attack, is a relatively common vector for hackers. The method does not rely on finding a bug to exploit in the underlying smart contract code, but on simply replacing the project’s website with a malicious version.

A potential attacker must compromise the domain name service (DNS) registrar, typically by using financial incentives or social engineering techniques on an employee. In response to the front-end attack that hit Curve Finance in June 2022, the CEO of Namecheap (the responsible DNS registrar) declared that a customer service agent had been compromised, stating that they were either hacked or bribed.

Similar incidents have affected many major DeFi platforms, such as Curve Finance, Cream Finance, PancakeSwap, Balancer, Frax and Velodrome, among others.

Previous hacks have often involved cloning the original website but swapping key elements, so that users’ wallets are prompted to create malicious transactions. This could involve transferring funds directly to an address controlled by the hacker or “harvesting” token approvals.

This approval-gathering technique was used with devastating effect in the $120 million BadgerDAO hack of December 2021.

Over the course of 12 days, BadgerDAO users inadvertently signed malicious approval transactions that granted the exploiter permission to spend tokens directly from victims’ wallets. Celsius, now bankrupt, was among the victims, losing 897 BTC (worth over $40 million at the time), before forfeiting $22 million in compensation due to an “unforced error.”
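
The approval-harvesting pattern described above can be caught before signing by decoding the calldata a front end hands to the wallet. The following is an added example, not code from this article or from any project it names; the allowlist, the `review` policy and all addresses are assumptions, and the sample calldata is constructed.

```python
# ERC-20 function selectors (first 4 bytes of the calldata).
SELECTORS = {
    "095ea7b3": "approve",            # approve(address spender, uint256 amount)
    "39509351": "increaseAllowance",  # increaseAllowance(address spender, uint256 added)
    "a9059cbb": "transfer",           # transfer(address to, uint256 amount)
}
UNLIMITED = 2**256 - 1  # "infinite" allowance value

def decode_call(calldata):
    """Return (function, counterparty, amount), or None if not a tracked call."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    # Tracked calls carry exactly two 32-byte words after the selector.
    if name is None or len(data) != 8 + 128:
        return None
    addr_word, amount_word = data[8:72], data[72:136]
    if addr_word[:24] != "0" * 24:  # a 20-byte address is left-padded with zeros
        return None
    try:
        return name, "0x" + addr_word[24:], int(amount_word, 16)
    except ValueError:              # non-hex characters in the amount word
        return None

def review(calldata, known_contracts):
    """Hypothetical pre-signing policy: known_contracts holds lowercase addresses."""
    decoded = decode_call(calldata)
    if decoded is None:
        return "ok: not a tracked token call"
    name, counterparty, amount = decoded
    if counterparty in known_contracts:
        return f"ok: {name} to known contract"
    if name != "transfer" and amount == UNLIMITED:
        return f"block: unlimited {name} to unknown spender {counterparty}"
    return f"warn: {name} of {amount} to unknown address {counterparty}"

def build_call(selector, address, amount):
    """Build constructed sample calldata for the demonstration below."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(amount, "064x")

PROTOCOL = "0x" + "11" * 20  # constructed stand-in for a legitimate contract
UNKNOWN = "0x" + "ee" * 20   # constructed stand-in for an unrecognised spender

if __name__ == "__main__":
    for sel, who, amt in [("095ea7b3", PROTOCOL, UNLIMITED),
                          ("095ea7b3", UNKNOWN, UNLIMITED),
                          ("a9059cbb", UNKNOWN, 10**18)]:
        print(review(build_call(sel, who, amt), {PROTOCOL}))
```

The check runs on the transaction itself, so it still applies when the website serving the request has been replaced.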

Despite today’s incident, Compound’s backend code is considered one of the most secure in DeFi, with any changes requiring careful review via a fully on-chain governance process.

Low-effort “forks,” however, regularly find themselves exploited due to questionable collateral or basic errors when implementing new markets.

However, Compound itself has not been entirely free of problems in the past.

The project’s X account was compromised in December 2023 to spread a phishing link, promising free COMP, the project’s native token.

In September and October 2021, a total of nearly $150 million worth of COMP was accidentally distributed as excess rewards to users. Another incident the following year saw the platform’s $830 million ETH market frozen for a week.
