Carding Forum
Professional
A powerful wave of phishing has overwhelmed disoriented crypto investors.
On July 11, a complex attack on domain registries occurred, affecting many applications of decentralized finance (DeFi). People were massively redirected to malicious sites, which caused alarm among both users and developers of DeFi protocols.
Blockaid, a blockchain security platform, found that the attackers took advantage of domains provided by the popular Squarespace service used to create websites. Well-known protocols such as Celer Network, Compound Finance, Pendle Finance and Unstoppable Domains were among the victims.
The attack was implemented through manipulation of domain name system (DNS) records, which allowed attackers to redirect users to phishing sites to steal their data and funds.
The first signs of the attack appeared when users who tried to access Compound Finance through the "compound [.] finance" website were redirected to a fake page hosting an application built to steal tokens. In parallel, the Celer Network was also attacked, but its monitoring system was able to prevent the takeover attempt.
Representatives of the Celer Network quickly informed the crypto community about the attack, and a little later, Blockaid specialists confirmed that many DeFi interfaces were under threat. The attacks were caused by compromised DNS records on projects hosted through Squarespace.
Later, the developer of DefiLlama under the nickname 0xngmi published a list of more than a hundred potentially affected DeFi protocols, including, for example, Pendle Finance, Axelar, Vertex Protocol, PolyMarket, Karak Network, Hyper Liquid, Thorchain, Hop, dYdX, Satoshi Protocol, Nirvana and LooksRare.
Pendle Finance confirmed the breach and temporarily disabled its website. Users were advised not to use the project's own application, although the company assured that all funds are completely safe.
MetaMask, a leading provider of Web3 wallets, also responded by implementing warnings for users attempting to interact with compromised sites. These actions were aimed at reducing the risk of token theft.
Until further notice from the administration of the platforms used, users are advised to avoid any interaction with DeFi applications hosted on Squarespace domains. This is the only way to prevent possible theft of tokens.
Such a high-profile and unexpected attack on DeFi applications through DNS vulnerabilities underscores the need for enhanced security measures in the Web3 space. Even in the world of decentralized finance, network infrastructure elements such as DNS and hosting providers continue to be critical points that can be exploited by malicious actors for their own gain.
Source
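The post above describes the attack as a change of DNS records at the registrar level that silently sent visitors to a phishing front end, and notes that Celer's own monitoring caught the attempt. The check a project would want is exactly that kind of monitor: pin the A and NS records you expect for every front-end domain and alarm on any drift. The script below is an added example written for this thread, not code from the post or from any of the projects named in it. Every domain, IP address, nameserver and CDN range in it is constructed sample data (documentation-only IP ranges and .test/.example names); in production the "observed" snapshot would come from `dig +short` or a resolver library rather than the inline strings.

```python
# Added example: DNS-drift check for DeFi front-end domains.
# Compares a pinned baseline of A and NS records against a fresh snapshot
# and reports any change, so a hijack of registrar-managed records shows up
# before users are redirected. All names and addresses are constructed
# sample data, not real resolutions.
import ipaddress
from dataclasses import dataclass

# Assumed: the CDN ranges the front ends are expected to resolve into.
# Documentation-only prefixes are used here as placeholders.
EXPECTED_NETS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]


@dataclass(frozen=True)
class RecordSet:
    """A and NS records observed for one domain."""
    a: frozenset
    ns: frozenset


def parse_dig_short(output: str) -> frozenset:
    """Turn `dig +short <name> <type>` style text into a set of values.

    Trailing dots on hostnames are stripped and names lower-cased so NS
    records compare cleanly; blank lines and ';' comment lines are ignored.
    """
    values = set()
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        values.add(line.rstrip(".").lower())
    return frozenset(values)


def snapshot_from_dig(dig_outputs: dict) -> dict:
    """Build {domain: RecordSet} from {domain: (a_output, ns_output)} text."""
    return {
        domain: RecordSet(a=parse_dig_short(a_out), ns=parse_dig_short(ns_out))
        for domain, (a_out, ns_out) in dig_outputs.items()
    }


def diff_records(domain: str, baseline: RecordSet, observed: RecordSet) -> list:
    """Return human-readable findings for one domain (empty list = no drift)."""
    findings = []
    if observed.ns != baseline.ns:
        findings.append(
            f"{domain}: NS delegation changed "
            f"{sorted(baseline.ns)} -> {sorted(observed.ns)}"
        )
    added = observed.a - baseline.a
    removed = baseline.a - observed.a
    if added or removed:
        findings.append(
            f"{domain}: A records changed, added={sorted(added)} removed={sorted(removed)}"
        )
    # A front end that suddenly resolves to an address outside the expected
    # CDN ranges is the classic hijack signature, so flag each such address.
    for ip in added:
        try:
            if not any(ipaddress.ip_address(ip) in net for net in EXPECTED_NETS):
                findings.append(f"{domain}: {ip} is outside the expected CDN ranges")
        except ValueError:
            findings.append(f"{domain}: unparsable A record {ip!r}")
    return findings


def check_all(baseline: dict, observed: dict) -> dict:
    """Run diff_records over every baselined domain; a missing snapshot is a finding too."""
    report = {}
    for domain, base in baseline.items():
        obs = observed.get(domain)
        if obs is None:
            report[domain] = [f"{domain}: no current snapshot (resolution failed?)"]
        else:
            report[domain] = diff_records(domain, base, obs)
    return report


# Constructed baseline: what the two hypothetical front ends normally resolve to.
BASELINE = {
    "app.example-defi.test": RecordSet(
        a=frozenset({"198.51.100.10", "198.51.100.11"}),
        ns=frozenset({"ns1.registrar.example", "ns2.registrar.example"}),
    ),
    "bridge.example-defi.test": RecordSet(
        a=frozenset({"203.0.113.5"}),
        ns=frozenset({"ns1.registrar.example", "ns2.registrar.example"}),
    ),
}

# Constructed `dig +short` output: the app domain has been re-delegated and
# now points at a single address outside the CDN, the bridge is untouched.
OBSERVED_DIG = {
    "app.example-defi.test": ("192.0.2.66\n", "ns1.attacker-dns.example.\nns2.attacker-dns.example.\n"),
    "bridge.example-defi.test": ("203.0.113.5\n", "ns1.registrar.example.\nns2.registrar.example.\n"),
}

if __name__ == "__main__":
    for domain, findings in check_all(BASELINE, snapshot_from_dig(OBSERVED_DIG)).items():
        print(domain, "OK" if not findings else "")
        for f in findings:
            print("  ALERT:", f)
```

Run on a schedule against a baseline stored outside the registrar account, this catches both halves of the attack described in the post: the NS re-delegation that hands control of the zone to the attacker, and the A-record swap that sends visitors to the drainer page. An NS change with no other symptom still deserves a page, since the hijacker can swap A records at leisure once delegation is theirs.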