Squarespace Domains Vulnerable to DNS Hijacking

DeFi apps on Squarespace are vulnerable to a DNS hijacking attack that redirects users to malicious sites. Over 120 DeFi protocols are potentially vulnerable, including Compound and Celer Network. Learn more about the security risks of DeFi and how to protect yourself.

DeFi (Decentralized Finance) has become a revolutionary force in the financial world. By leveraging blockchain technology, DeFi apps aim to give users greater control over their finances without interference from middlemen. However, a recent security breach has exposed a vulnerability in DeFi apps whose domains are registered with Squarespace, a popular website building platform.

The attack involved hackers hijacking the Domain Name System (DNS) records of DeFi applications. DNS acts like the phone book of the internet, translating human-readable domain names into numeric IP addresses that computers can understand.

This domain registrar attack, which occurred on July 11, 2024, potentially affected approximately 128 DeFi protocols. 0xngmi, a developer of the blockchain analytics platform DefiLlama, shared what they described as a “list of domains registered with Squarespace and therefore potentially vulnerable.”

According to an investigation by the blockchain security platform Blockaid, the attacker took control of Compound Finance’s DNS records and attempted to take control of Celer Network’s. By compromising DNS records, the attacker was able to intercept visitors to legitimate DeFi platforms and redirect them to phishing sites to obtain sensitive information and steal funds.

The attack was detected after users noticed that Compound’s interface led to a malicious website with a token-harvesting application. Celer Network confirmed a domain takeover attempt, which its monitoring system successfully thwarted. Both acknowledged the attack in separate statements.
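The article does not describe how Celer Network's monitoring works. As an added example (not code from the article or from any project it names), the sketch below shows one common form of DNS monitoring: comparing the records currently observed for a domain against a pinned baseline and rating any drift. The domain `defi-app.example`, the record values and the function names are constructed for illustration.

```python
import ipaddress

# Record types whose change can move users, mail or the whole delegation.
CRITICAL_TYPES = {"NS", "A", "AAAA", "CNAME", "MX"}

def normalize(rtype, value):
    """Canonical form, so 'NS1.Host.Example.' equals 'ns1.host.example'."""
    value = value.strip()
    if rtype in {"A", "AAAA"}:
        return ipaddress.ip_address(value).compressed
    if rtype in {"NS", "CNAME", "MX"}:
        return value.lower().rstrip(".")
    return value

def to_sets(snapshot):
    """Map each record type (upper-cased) to a set of normalized values."""
    return {rtype.upper(): {normalize(rtype.upper(), v) for v in values}
            for rtype, values in snapshot.items()}

def diff_records(baseline, observed):
    """Return (severity, rtype, change, value) for every drift from baseline."""
    base, seen = to_sets(baseline), to_sets(observed)
    findings = []
    for rtype in sorted(set(base) | set(seen)):
        severity = "HIGH" if rtype in CRITICAL_TYPES else "LOW"
        for value in sorted(seen.get(rtype, set()) - base.get(rtype, set())):
            findings.append((severity, rtype, "added", value))
        for value in sorted(base.get(rtype, set()) - seen.get(rtype, set())):
            findings.append((severity, rtype, "removed", value))
    return findings

# Constructed sample data for the hypothetical domain defi-app.example.
BASELINE = {
    "NS": ["ns1.dns-host.example.", "ns2.dns-host.example."],
    "A": ["192.0.2.10"],
    "AAAA": ["2001:db8::10"],
    "TXT": ["v=spf1 -all"],
}
OBSERVED = {  # same NS and AAAA in different spelling, repointed A, extra TXT
    "ns": ["NS1.DNS-HOST.EXAMPLE", "ns2.dns-host.example"],
    "A": ["198.51.100.77"],
    "AAAA": ["2001:0db8:0000:0000:0000:0000:0000:0010"],
    "TXT": ["v=spf1 -all", "site-verification=constructed"],
}

if __name__ == "__main__":
    for finding in diff_records(BASELINE, OBSERVED):
        print(*finding)
```

In practice the observed snapshot would come from querying several independent resolvers on a schedule, and a HIGH finding would page the team that owns the registrar account.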

Further investigation revealed that the attacker is specifically targeting Squarespace domain names, putting all DeFi applications with a Squarespace domain at risk.

In response to the attack, MetaMask, a popular Web3 wallet, has implemented an alert system to flag potentially compromised DeFi applications. This additional layer of security aims to protect users from unintentional interactions with malicious websites.

While the exact methods used by the attackers are still under investigation, the attack vector is believed to have originated from the Google Domains accounts used by these protocols. Squarespace acquired around 10 million domains hosted on Google Domains for $180 million in 2023. This acquisition could have provided attackers with a potential foothold to access sensitive DNS information.

The DeFi space is still in its early stages and security remains a major concern. In December 2023, an attacker injected malicious code into the Ledger Connect library, affecting the Ethereum Virtual Machine ecosystem.

These incidents highlight the need for DeFi developers to prioritize robust security measures and for users to exercise caution when interacting with DeFi applications, especially those based on less rigorous security practices.
