Compound Finance confirms website hack redirecting users to phishing site

07/11/2024 17:15
Compound Finance confirms website hack redirecting users to phishing site

Be aware: Compound Finance website compromised in a security breach. Stay safe and avoid visiting the website until further notice.

Compound Finance confirms website hack redirecting users to phishing site Compound Finance confirms website hack redirecting users to phishing site 4 seconds ago · 2 min read

Despite the domain hijacking, Compound's smart contract funds remain unaffected, says Security Advisor Michael Lewellen.

2 min read

Updated: Jul. 11, 2024 at 11:15 am UTC

Compound Finance confirms website hack redirecting users to phishing site

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

DeFi platform Compound Finance has suffered a significant security breach that has affected its official website. The protocol’s domain has been hijacked and is currently hosting a phishing site, posing a severe user risk.

Per Compound Labs’ official X account, the company issued an urgent warning at 10:15 A.M. on July 11, stating,

“The Compound Labs website (compound[.]finance) has been compromised. Please do not visit the website or click any links until further notice”.

Michael Lewellen, Compound’s Security Advisor, confirmed the breach on X, emphasizing that users should not interact with the Compound Finance website. Lewellen clarified that while the website has been compromised, the Compound protocol remains unaffected, and all smart contract funds are secure.

The incident appears to be a sophisticated phishing attack. The legitimate Compound Finance website has been replaced with a fraudulent site designed to steal user information and potentially their digital assets. This type of attack, known as domain hijacking, involves taking control of a domain name without the owner’s consent, usually via a breach of DNS credentials.

Blockchain investigator ZachXBT has warned the crypto community via Telegram to avoid using the Compound Finance website due to it redirecting to a scam site compound-finance[.]app.

Compound Finance DNS attack (ZachXBT)
Compound Finance DNS attack (ZachXBT)

This incident follows a previous security breach last year, where Compound Finance’s X account was hacked and used to promote a phishing site. That attack resulted in a reported loss of approximately $4.4 million LINK tokens.

The crypto community is advised to exercise extreme caution and avoid interacting with the Compound Finance website until official confirmation is provided that the issue has been resolved. Users should remain vigilant against potential phishing attempts and only rely on official communications from Compound Labs regarding updates on the situation.

Additionally, web3 security tools and browser extensions can help advise users of malicious links. Some examples include Malwarebytes Browser Guard, AegisWeb3, Pocket Universe, Wallet Guard, and MetaMask transaction insight Snaps.

[Author’s Note: I use Pocket Universe, which has saved me several times, but we cannot endorse any product or tool.]

Mentioned in this article

Posted In: Crime, DeFi, Hacks

Latest Alpha Market Report
Latest Press Releases

Read more --->