Several decentralized finance (DeFi) apps have fallen victim to a domain registry attack. Blockchain security platform Blockaid raised the alarm on July 11.
The attacker seized control of Compound Finance's DNS registry. They also tried and failed to hijack Celer Network's registry.
Blockaid's initial probe points to Squarespace domains being the target. This puts any DeFi app using Squarespace at potential risk.
The attack came to light when compound.finance started redirecting users to a dodgy site. This malicious site housed a drainer app, aiming to steal users' tokens.
Celer Network dodged a bullet. Their domain monitoring system caught the takeover attempt in time.
At 3:38 pm UTC, Blockaid dropped a bombshell. "Multiple DeFi front ends are at risk of hijacking," they tweeted. They fingered Squarespace's domain name registry as the likely culprit.
DefiLlama developer 0xngmi shared a list of potentially affected domains. It's a who's who of DeFi, featuring over 100 protocols. Big names like Pendle Finance, dYdX, and LooksRare made the cut.
MetaMask, a popular Web3 wallet, is stepping up. They're working to warn users about potentially compromised apps linked to the attack.
This isn't the first rodeo for the Web3 industry. Domain-name hijacking is just one of many attacks they've faced in the past year.
Remember the Ledger Connect library hack in December? That one hit almost the entire Ethereum Virtual Machine ecosystem. Talk about a headache.
It's clear that security remains a hot-button issue in the DeFi space. As the old saying goes, with great innovation comes great responsibility – and apparently, great risk.