DeFi apps targeted in apparent Squarespace DNS registry attack: Blockaid
Multiple decentralized finance (DeFi) apps have been targeted in a domain registry attack on July 11, according to an X post from blockchain security platform Blockaid. The attacker has taken control of the DNS registry for Compound Finance and has attempted but failed to take control of Celer Network’s registry.
After a preliminary investigation, Blockaid concluded that the attacker is targeting domain names provided by Squarespace, potentially putting any DeFi app with a Squarespace domain at risk.
Security researchers first became aware of the attack when the Compound interface at compound.finance began redirecting to a malicious website. The malicious site was equipped with a drainer app that attempted to steal users’ tokens.
Related: Compound Finance site potentially breached — ZachXBT
At 1:38 p.m. UTC, been attacked. However, in this case, Celer stated that its domain monitoring system had detected the takeover and intercepted it before it could succeed.
At 3:38 pm UTC, Blockaid announced that “multiple DeFi front ends are at risk of hijacking, with a few incidents already taking place[.]” A few minutes later, the security firm claimed that it believed these attacks were rooted in Squarespace’s domain name registry. “From initial assessment, it appears that the attackers are operating by hijacking DNS records of projects hosted on SquareSpace,” it stated.
0xngmi, developer of blockchain analytics platform DefiLlama, posted a list of domains that may be affected by the attack. The list includes more than 100 DeFi protocols, including Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana, LooksRare, and many others.
Web3 wallet MetaMask announced that it is attempting to warn users of possibly compromised apps associated with the attack. “For those of you using MetaMask, you’ll see a warning provided by @blockaid_ if you attempt to transact on any known site that’s involved in this current attack,” it stated.
Domain-name hijacking is one of several attacks against the Web3 industry over the past year. In December, an attacker injected malicious code into the Ledger Connect library that most Web3 apps use for wallet connections, affecting nearly the entire Ethereum Virtual Machine ecosystem.
Magazine: Crypto-Sec: Phishing scammer goes after Hedera users, address poisoner gets $70K
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Nexchain Raises $1.5 Million in Presale: Is This the Top ICO of 2025?
Nexchain has actual tech, a trustworthy team, a clear plan, and a utility and long-term coin. Its $1.5 million early success is more than hype, it shows that seasoned investors see the possibilities.Nexchain: Best Crypto ICO of 2025Other Major Crypto Presales to Look Out ForFinal Words: Nexchain, the High-Potential ICO to Invest In
Anchorage Digital Buys USDM Issuer Mountain Protocol
Anchorage Digital acquires Mountain Protocol to boost its stablecoin portfolio with regulated USDM.Anchorage Digital Expands with Mountain Protocol AcquisitionWhy This Acquisition MattersA Growing Role in Crypto Banking
$6B USDT Inflows Spark Altcoin Surge
Tether injects $6B into the market, fueling altcoin momentum as Ethereum gains dominance.Altcoin Rally Fueled by USDT InjectionsEthereum Gains, Bitcoin Loses GroundAltcoins Catch the Momentum
Can Unstaked 1000x & Hit Top 30 Market Cap? Analysts Think So – More on Ethereum Insights, Pi Price Surge
Unstaked’s $0.008481 presale could deliver 1000x returns and a top 30 market cap. Get expert insights on Ethereum’s Pectra upgrade and the latest Pi (PI) price surge.Unstaked: The Next MATIC Moment?Ethereum (ETH) Insights: Pectra Upgrade Sparks OptimismPi (PI) Price Surge: Can It Break Out of Consolidation?Wrapping Up
Trending news
MoreCrypto prices
More
