Several decentralized finance (DeFi) apps were hit by attacks on their domain registrations on July 11, according to a post on X by the blockchain security platform Blockaid. The attacker took over the DNS registration for Compound Finance, but an attempt to take over Celer Network’s registration failed.
Based on what Blockaid has learned so far, the attacker appears to be targeting domain names provided by Squarespace. This means that any DeFi app that uses a Squarespace domain could be at risk.
Blockaid Issues DeFi Warning
The attack came to light when the Compound interface at compound.finance started redirecting users to a fraudulent site hosting a drainer app intended to steal tokens. Celer Network also said that it had been targeted, but that its domain tracking system detected the attempt and stopped it before it could succeed.
Blockaid said that multiple DeFi front ends are at risk of hijacking and that a few incidents have already taken place. Blockaid’s analysis shows that the attackers are taking over the DNS records of Squarespace projects.
0xngmi, who works at the blockchain analytics platform DefiLlama, shared a list of domains that could be affected. The list included over 100 DeFi protocols, such as Pendle Finance, dYdX, Polymarket, Satoshi Protocol, Nirvana, and LooksRare.
MetaMask, a Web3 wallet service, said it was working to warn users about apps that may have been compromised in the attack. “For those of you using MetaMask, you’ll see a warning provided by @blockaid_ if you attempt to transact on any known site that’s involved in this current attack,” said MetaMask.
This domain name hijacking is one of many attacks launched against the Web3 industry in the past year. In December, for example, someone inserted malicious code into the Ledger Connect library, which many Web3 apps use to connect wallets in the Ethereum Virtual Machine environment.