DeFi Apps Targeted in Apparent Squarespace DNS Registry Attack: Blockaid — TradingView News

Several decentralized finance (DeFi) applications were targeted by a domain registry attack on July 11, according to a blog post published on X by blockchain security platform Blockaid. The attacker took control of Compound Finance’s DNS registry and attempted, unsuccessfully, to take control of Celer Network’s registry.

After a preliminary investigation, Blockaid concluded that the attacker is targeting domain names provided by Squarespace, potentially putting any DeFi application with a Squarespace domain at risk.

Security researchers became aware of the attack when the Compound interface at compound.finance began redirecting to a malicious website. The malicious site was equipped with a scraping application that attempted to steal users’ tokens.

At 13:38 UTC, an attack took place. In this case, however, Celer said its domain monitoring system detected the takeover attempt and intercepted it before it could succeed.

At 15:38 UTC, Blockaid announced that “several DeFi front-ends are at risk of being hacked, with some incidents already underway.” Minutes later, the security firm said it believed the attacks originated from Squarespace’s domain name registry. “Based on an initial assessment, it appears the attackers are operating by hijacking the DNS records of projects hosted on SquareSpace,” it said.

0xngmi, the developer of blockchain analytics platform DefiLlama, has published a list of domains that may have been affected by the attack. The list includes over 100 DeFi protocols, including Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana, LooksRare, and many others.

Web3 wallet MetaMask announced that it was attempting to warn users of potentially compromised applications associated with the attack. “For those of you using MetaMask, you will see a warning provided by @blockaid_ if you attempt to transact on a known site involved in this current attack,” it said.

Domain name hijacking is one of several attacks on the Web3 industry over the past year. In December, an attacker injected malicious code into the Ledger Connect library that most Web3 applications use for wallet connections, affecting nearly the entire Ethereum Virtual Machine ecosystem.
