On July 11, several decentralized finance (DeFi) apps fell victim to a domain registry attack, according to a post on X by Blockaid.
On July 11, several decentralized finance (DeFi) apps fell victim to a domain registry attack, according to a post on X by Blockaid. The initial investigation suggests the attacker is targeting domain names hosted by Squarespace, putting any DeFi app using a Squarespace domain at potential risk.
The attacker managed to take over the DNS registry for Compound Finance and attempted, but failed, to do the same with Celer Network's registry. The issue first came to light when security researchers noticed the Compound interface at compound.finance was redirecting users to a malicious site. This site featured a drainer app designed to steal users' tokens.
At 1:38 pm UTC, Celer Network disclosed that it had also been targeted. However, thanks to its domain monitoring system, Celer detected and intercepted the takeover before any damage could be done. By 3:38 pm UTC, Blockaid had issued a warning that "multiple DeFi front ends are at risk of hijacking, with a few incidents already taking place." The attackers seem to be hijacking DNS records of projects hosted on Squarespace.
0xngmi, a developer at DefiLlama, shared a list of potentially affected domains. This list includes over 100 DeFi protocols like Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana, and LooksRare, among others. Web3 wallet MetaMask warned users about possibly compromised apps linked to the attack. "For those of you using MetaMask, you’ll see a warning provided by @blockaid_ if you attempt to transact on any known site involved in this current attack," MetaMask announced.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
