At least two DeFi protocols reported compromised domains in an apparent hacking campaign targeting crypto websites.
On Thursday, Celer Network and Compound Finance alerted the crypto community to an ongoing attack on their domain addresses. “We are investigating a potential DNS domain attack that seems to be hitting multiple projects at the same time,” the notice from Celer read.
A Domain Name System (DNS) attack involves stressing the stability of the DNS service to gain control over a website and possibly redirect traffic to phishing hotspots.
Security experts said multiple decentralized finance protocols might be under siege by threat actors looking to steal funds. Some 11 platforms, including Pendle Finance, Polymarket, and THORChain, were named as potential targets. A partial list of websites at risk of being hacked may be found here.
According to Paradigm researcher samczsun, the hack likely originated from Google Domains accounts used by these protocols. Squarespace acquired Google Domains last year in a $180 million deal, and all websites associated with the company are currently under scrutiny.
At press time, neither Celer Network nor Compound Finance had disclosed that the threat had been mitigated. In the meantime, users are advised to avoid interacting with DeFi dapps until further notice. Additionally, no funds had been reported stolen due to the DNS attack.
The matter underscores the need for defensive vigilance as hackers seek to compromise Web3 solutions via their Web2 connections. Last September, automated market maker Balancer suffered a front-end attack. Before that, a bug in a code compiler employed by Curve Finance allowed bad actors to siphon over $70 million in crypto and exploit several protocols.
Since then, white-hat security experts have organized efforts to mitigate the growing threat in crypto and Web3. Initiatives like the first-responder Telegram bot SEAL 911 and security councils featuring industry leaders like Coinbase have emerged to combat the issue.