DeFi Apps Targeted in Apparent Squarespace DNS Registry Attack: Blockaid


Several decentralized finance (DeFi) applications were targeted in a domain registry attack on July 11, blockchain security platform Blockaid said in a post on X. The attacker took over the DNS registry for Compound Finance and tried to take over the registry of Celer Network, but failed.

After a preliminary investigation, Blockaid concluded that the attacker is targeting domain names provided by Squarespace, which could put any DeFi application with a Squarespace domain at risk.

Source: Blockaid

Security researchers first became aware of the attack when the Compound interface on compound.finance started redirecting to a malicious website. The malicious site is equipped with a draining application that attempts to steal users' passwords.

At 1:38 PM UTC, Celer Network announced that it had also been attacked. However, in this case, Celer says it detected the attempt to seize control of its domain and stopped it before it succeeded.

At 3:38 PM UTC, Blockaid announced that “several DeFi front ends are at risk of being hacked, due to a few previous incidents.” “From initial assessment, it appears that the attackers are working by hacking the DNS records hosted on Squarespace,” it said.

0xngmi, developer of blockchain analytics platform DefiLlama, has released a list of domains that may be affected by the attack. The list includes over 100 DeFi protocols, including Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana, LooksRare and others.

Web3 wallet MetaMask has announced that it is trying to warn users about potentially hacked apps related to the attack. “For those of you using MetaMask, you will see a warning issued by @blockaid_ if you try to make a transaction on any known site involved in this current attack,” it explained.

Source: MetaMask

Domain name hijacking is one of the attacks that has hit the Web3 industry in the past year. In December, an attacker injected malicious code into the Ledger Connect library that most Web3 applications use for wallet connectivity, affecting the entire Ethereum Virtual Machine ecosystem.
