DeFi App Frontend Targeted in Domain Registry Attack on Squarespace
On July 11, several decentralized finance (DeFi) applications were targeted by a domain registry attack, according to a post on X by Blockaid. Initial investigation suggests that the attacker is going after domain names registered with Squarespace, putting any DeFi application whose domain is managed there at risk.
The attacker managed to take control of the DNS records for Compound Finance's domain and attempted the same against Celer Network's, but failed. The issue first surfaced when security researchers noticed that compound.finance, the Compound interface, was redirecting users to a malicious site. That site hosted a wallet-drainer script designed to steal users' tokens.
At 13:38 UTC, Celer Network revealed that it had also been targeted. Thanks to its domain monitoring system, however, Celer detected and intercepted the takeover before any damage was done. By 15:38 UTC, Blockaid had issued a warning that "several DeFi frontends are at risk of being hacked, with some incidents already underway." The attackers appear to be hijacking the DNS records of projects whose domains are managed on Squarespace.
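The monitoring that let Celer catch its takeover comes down to comparing a domain's live DNS delegation and records against a known-good baseline and alerting on drift. The script below is an added example of that check and is not Celer's, Blockaid's or Squarespace's code; the domain, name servers and IP addresses in it are constructed (RFC 5737 documentation addresses and .example names), and the live lookup helper is only illustrative, since NS lookups need a DNS library such as dnspython that the standard library does not provide.

```python
import socket
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class DnsSnapshot:
    """What a frontend's DNS should look like: its delegated name servers,
    the A records of the frontend host, and its CNAME target if it has one."""
    ns: FrozenSet[str]
    a: FrozenSet[str]
    cname: Optional[str] = None


def check_domain(baseline: DnsSnapshot, observed: DnsSnapshot) -> List[str]:
    """Return one alert string per change between the known-good baseline and
    the records observed now. An empty list means no drift."""
    alerts: List[str] = []
    if observed.ns != baseline.ns:
        # A registrar-level takeover shows up here first: the attacker repoints
        # the delegation to name servers they control.
        alerts.append(f"NS changed: {sorted(baseline.ns)} -> {sorted(observed.ns)}")
    unexpected = observed.a - baseline.a
    if unexpected:
        # The frontend host now resolves to an address nobody approved.
        alerts.append(f"A records not in baseline: {sorted(unexpected)}")
    if observed.cname != baseline.cname:
        alerts.append(f"CNAME changed: {baseline.cname!r} -> {observed.cname!r}")
    return alerts


def classify(alerts: List[str]) -> str:
    """Triage label: a delegation change is treated as a likely takeover."""
    if not alerts:
        return "ok"
    if any(a.startswith("NS changed") for a in alerts):
        return "critical"
    return "high"


def resolve_a(host: str) -> FrozenSet[str]:
    """Live A-record lookup with the standard library (network call; not used
    by the offline sample below). Fetching NS records requires a DNS library
    such as dnspython, which is outside this example."""
    _, _, addrs = socket.gethostbyname_ex(host)
    return frozenset(addrs)


# Constructed sample data: a hypothetical frontend "app.example" whose registrar
# account was hijacked. Names and addresses are invented, not from any real incident.
BASELINE = DnsSnapshot(
    ns=frozenset({"ns1.good-dns.example", "ns2.good-dns.example"}),
    a=frozenset({"192.0.2.10", "192.0.2.11"}),
    cname=None,
)
HIJACKED = DnsSnapshot(
    ns=frozenset({"ns1.attacker-dns.example", "ns2.attacker-dns.example"}),
    a=frozenset({"198.51.100.7"}),
    cname=None,
)

if __name__ == "__main__":
    for label, snap in (("baseline", BASELINE), ("hijacked", HIJACKED)):
        found = check_domain(BASELINE, snap)
        print(f"{label}: {classify(found)}")
        for line in found:
            print("  " + line)
```

In practice the baseline is captured once from a trusted state, the check runs on a short schedule from a host outside the registrar's control, and a "critical" result pages someone, since a repointed delegation means every record under the domain, not just the frontend's A record, is now in the attacker's hands.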
0xngmi, a developer at DefiLlama, shared a list of potentially affected domains. The list includes over 100 DeFi protocols, among them Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana and LooksRare. Web3 wallet MetaMask warned users about applications potentially compromised in the attack. "For those of you using MetaMask, you will see a warning provided by @blockaid_ if you attempt to transact on a known site involved in this current attack," MetaMask announced.