‘Do Not Visit’: DeFi Protocols Compound and Celer Hit With Wallet Drainer Attacks - Decrypt

07/11/2024 14:00
Both the Compound and Celer sites now redirect to wallet-drainer scam pages after a DNS attack that appears to be hitting multiple projects.

The websites of Ethereum-based DeFi protocol Compound and multi-chain interoperability protocol Celer Network have both been compromised, with their front-ends currently redirecting visitors to a page that drains funds from connected wallets.

Compound is a decentralized finance (DeFi) protocol that allows users to borrow crypto and provide loans by locking their assets. Pseudonymous on-chain sleuth ZachXBT first reported the apparent attack via his Telegram channel, warning of a “potential” hijack.

An hour later, Web3 security tool Harpie furthered this claim, stating that the site now redirects to a page that drains any wallet that connects to it. Compound itself eventually confirmed the attack, stating that its website had been compromised.

“Please do not visit the website or click any links until further notice,” Compound wrote.

🚨 URGENT: The Compound Labs website (compound[.]finance) has been compromised.

Please do not visit the website or click any links until further notice. An update will be provided when available.

This is our final message // end of tweet. 🚨

— Compound Labs (@compoundfinance) July 11, 2024

Currently, the extent of the security breach is unknown. Compound has yet to confirm how it occurred or if anything other than its website has been affected. Michael Lewellen, security solutions architect at smart contract auditing firm OpenZeppelin, wrote that he believes that the protocol itself is not impacted—meaning that “all smart contract funds are safe.”

Not long after, interoperability protocol Celer Network also suffered a “DNS domain attack” that the project claims is “hitting multiple projects at the same time.” Again, the URL now redirects to a drainer page.

Decrypt reached out to both Compound and Celer for comment, but did not immediately hear back from either project.

“The domains for Celer and Compound just got hacked,” pseudonymous DeFi Llama founder 0xngmi wrote on Twitter. “The leading suspect is that something is going on in their registrar: Squarespace.”

Squarespace is a popular website building and hosting site that many businesses use—including crypto projects like Polymarket, dYdX, and Karak Network, per a list created by 0xngmi. None of these projects have publicly commented.

Edited by Andrew Hayward
