Over 120 DeFi Protocols Threatened by Alleged Squarespace DNS Attack

Key points to remember

  • Blockaid has identified a DNS hijacking attack targeting DeFi applications whose domains are hosted on Squarespace.
  • MetaMask is actively warning users when they attempt to transact on compromised DeFi front ends.

Blockchain security firm Blockaid has warned of a potentially widespread domain hijacking incident affecting Compound, Celer Network, and potentially 120 other protocols. According to its report, a new attack was detected today, July 11, preceded by an initial attempt on July 6 that appeared benign at the time.

This development follows a report from Crypto Briefing published earlier today on confirmation from Compound Labs that the front end of its website, compound[.]finance, had been compromised. Blockaid notes that the attacker also attempted to compromise Celer Network after taking control of Compound’s DNS.

The attack was first detected when users noticed that Compound’s interface at compound[.]finance was redirecting to a malicious website hosting a token-draining application. Celer Network also confirmed an attempted takeover of its domain, which was thwarted by its monitoring system.

Blockaid’s investigation suggests that the attacker is specifically targeting domains managed by Squarespace, potentially putting any DeFi application using a Squarespace-hosted domain at risk.

“Based on initial assessment, it appears that the attackers are operating by hijacking DNS records of projects hosted on SquareSpace,” the security firm said on X.

0xngmi, developer of blockchain analytics platform DefiLlama, has shared a list of 125 DeFi protocols that could be affected by this attack. The list includes major projects such as Thorchain, Aptos Labs, Near, Flare, Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana, Ferrum, and MantaDAO, among others.

In response to the threat, Web3 wallet MetaMask announced that it is working to warn users of potentially compromised applications associated with the attack. “For those of you using MetaMask, you will see a warning provided by @blockaid_ if you attempt to transact on a known site involved in this current attack,” the company said.

This domain hijacking incident is the latest in a series of attacks on DeFi front ends. In December, a comparable attack injected malicious code into the Ledger Connect Kit library, affecting a large part of the Ethereum Virtual Machine ecosystem.

Possible exploitation methods

The DNS attack on over 120 DeFi protocols has sparked speculation about the exploitation methods that may have been employed.

According to a security researcher in direct contact with this author, possible methods range from pre-registration tactics, in which threat actors registered domains before the transfers from Google Domains to Squarespace were completed, to mass domain registrations potentially mixed in with legitimate Squarespace domains.


SapphireSapphire

The researcher, who answered questions on condition of anonymity, noted that this series of incidents could also have been carried out through DNS cache poisoning, more commonly known as DNS spoofing, in which false data is injected into a resolver’s cache so that DNS queries return an incorrect answer and direct users to bogus, potentially malicious websites.

Based on this author’s conversations with the security researcher, more alarming theories point to a direct breach of Squarespace’s systems, which would allow attackers to manipulate DNS records at the source.

While the hold period that typically follows a domain transfer makes some attack vectors less likely, the scale of the impact suggests a systemic vulnerability. For context, Squarespace announced on September 7, 2023 that it had completed its acquisition of the Google Domains business.

It is important to note that these are speculative theories, not confirmed facts about the attack method. The attack likely used a combination of tactics or a yet-undisclosed vulnerability in the domain management system.
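The vectors discussed above leave different fingerprints in DNS, and that difference is what a monitoring system like the one Celer credits with stopping its takeover has to key on: a registrar- or account-level hijack changes what the domain’s own authoritative servers answer (the NS delegation, then the A records in the new zone), whereas cache poisoning leaves the authoritative data intact and only a particular recursive resolver disagrees with it. The script below is an added example written for this article, not Celer’s, Blockaid’s or Squarespace’s code. It takes a stored baseline of a domain’s NS and A record sets plus answers gathered from the authoritative servers and from a couple of recursive resolvers, and labels each discrepancy with the vector it is consistent with. All domain names, name servers and addresses are constructed (RFC 5737 documentation ranges, `.example` names); a real deployment would fill the observation dictionaries from periodic queries.

```python
"""Classify a DNS discrepancy by the takeover vector it is consistent with.

Added example, not code from any project named in the article. Every record
set below is constructed for illustration.
"""
from dataclasses import dataclass

AUTH = "authoritative"  # label for answers obtained directly from the zone's NS


@dataclass(frozen=True)
class Finding:
    source: str           # vantage point whose answer deviated
    rtype: str            # "NS" or "A"
    kind: str             # which vector this discrepancy is consistent with
    expected: frozenset   # what the reference answer was
    observed: frozenset   # what was actually returned


def classify_changes(baseline, observations):
    """Return one Finding per record set that deviates from its reference.

    baseline:     {"NS": {...}, "A": {...}} as last verified by the operator
    observations: {"authoritative": {...}, "<resolver label>": {...}, ...},
                  each mapping a record type to the set of answers returned
    """
    auth = observations[AUTH]
    findings = []

    # 1. Authoritative answers differ from the baseline: the zone itself changed.
    #    A changed NS set means the delegation was altered at the registrar or in
    #    the registrar account; a changed A set means the zone was edited at the
    #    DNS host. Both point at the provider/account side, not at resolvers.
    for rtype, expected in baseline.items():
        got = auth.get(rtype, set())
        if got != expected:
            kind = "delegation_changed" if rtype == "NS" else "zone_record_changed"
            findings.append(Finding(AUTH, rtype, kind, frozenset(expected), frozenset(got)))

    # 2. A recursive resolver disagrees with the authoritative servers: the
    #    authoritative data is intact but that resolver hands out something else,
    #    which is what cache poisoning (DNS spoofing) or a stale/hijacked resolver
    #    looks like from the client's side.
    for source, answers in observations.items():
        if source == AUTH:
            continue
        for rtype in baseline:
            got = answers.get(rtype, set())
            ref = auth.get(rtype, set())
            if got != ref:
                findings.append(Finding(source, rtype, "resolver_disagrees_with_authoritative",
                                        frozenset(ref), frozenset(got)))
    return findings


def summarize(findings):
    """Collapse findings into the sorted set of vector labels to triage."""
    return sorted({f.kind for f in findings})


# Constructed baseline for a hypothetical front end; addresses are RFC 5737 ranges.
BASELINE = {
    "NS": {"ns1.registrar.example.", "ns2.registrar.example."},
    "A": {"203.0.113.10", "203.0.113.11"},
}

# Scenario 1 (constructed): delegation moved to attacker-controlled name servers
# and the new zone points the site elsewhere. Every resolver agrees, because
# they all faithfully follow the new delegation.
HIJACKED = {
    AUTH:         {"NS": {"ns1.attacker.example."}, "A": {"198.51.100.7"}},
    "resolver-a": {"NS": {"ns1.attacker.example."}, "A": {"198.51.100.7"}},
    "resolver-b": {"NS": {"ns1.attacker.example."}, "A": {"198.51.100.7"}},
}

# Scenario 2 (constructed): the authoritative zone is intact but one resolver
# returns a different A record, consistent with a poisoned cache on it alone.
POISONED_RESOLVER = {
    AUTH:         {"NS": BASELINE["NS"], "A": BASELINE["A"]},
    "resolver-a": {"NS": BASELINE["NS"], "A": BASELINE["A"]},
    "resolver-b": {"NS": BASELINE["NS"], "A": {"198.51.100.7"}},
}

if __name__ == "__main__":
    for label, obs in (("hijacked", HIJACKED), ("poisoned", POISONED_RESOLVER)):
        findings = classify_changes(BASELINE, obs)
        print(label, summarize(findings))
        for f in findings:
            print(f"  {f.source}: {f.rtype} {f.kind} "
                  f"expected={sorted(f.expected)} observed={sorted(f.observed)}")
```

The distinction matters for response: a `delegation_changed` finding means the registrar account or the registrar itself is the compromised asset, and republishing the old zone at the DNS host does nothing until the delegation is reclaimed, whereas a lone `resolver_disagrees_with_authoritative` finding is a resolver-side problem that the zone owner cannot fix by editing records. Note that a registrar-level hijack can also be caught earlier than this check allows, by alerting on any change to the NS set regardless of what the new servers answer.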

This story is developing and will be updated. Crypto Briefing has reached out to Squarespace for comment.
