DeFi Domains Hijacked: Squarespace DNS Attack 🚨

A wave of coordinated DNS hijacking attacks has targeted decentralized finance (DeFi) cryptocurrency domains registered with Squarespace. These attacks redirect visitors to phishing sites designed to steal cryptocurrency and NFTs from connected wallets.

How It Works

DNS hijacking occurs when an attacker modifies a target’s Domain Name System (DNS) records. This redirects traffic from a legitimate website to one under the attacker’s control, often a phishing page. Attacks are typically carried out by compromising a DNS server or the target’s account at a DNS service provider.
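
An added example, not from the original article: one defensive check against the record tampering described above is to compare what lookups return against a pinned known-good baseline. The severity ranking, function names and all sample records are assumptions constructed for illustration.

```python
# Added example: diff observed DNS records against a pinned known-good baseline.
# All names and addresses are constructed (example.com, RFC 5737 ranges).

# Assumed ranking: a changed NS set moves the whole zone, so it ranks highest.
SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high",
            "CNAME": "high", "MX": "medium", "TXT": "low"}
ORDER = ["critical", "high", "medium", "low"]

def normalize(value):
    """Make 'NS1.Example.net.' and 'ns1.example.net' compare equal."""
    return value.strip().lower().rstrip(".")

def snapshot(records):
    """Turn [(name, rtype, value), ...] into {(name, rtype): {values}}."""
    snap = {}
    for name, rtype, value in records:
        snap.setdefault((normalize(name), rtype.upper()), set()).add(normalize(value))
    return snap

def detect_drift(baseline, observed):
    """Return one finding per record set that differs, most severe first."""
    base, obs = snapshot(baseline), snapshot(observed)
    findings = []
    for name, rtype in sorted(set(base) | set(obs)):
        expected, seen = base.get((name, rtype), set()), obs.get((name, rtype), set())
        if expected != seen:
            findings.append({"name": name, "type": rtype,
                             "severity": SEVERITY.get(rtype, "low"),
                             "added": sorted(seen - expected),
                             "removed": sorted(expected - seen)})
    return sorted(findings, key=lambda f: ORDER.index(f["severity"]))

BASELINE = [  # constructed known-good records
    ("app.example.com", "A", "192.0.2.10"),
    ("example.com", "NS", "ns1.example.net."),
    ("example.com", "NS", "ns2.example.net."),
]
OBSERVED = [  # constructed lookup results after a record change
    ("app.example.com", "A", "203.0.113.66"),
    ("Example.com.", "NS", "NS1.example.net"),
    ("example.com", "NS", "ns2.example.net"),
]

if __name__ == "__main__":
    for finding in detect_drift(BASELINE, OBSERVED):
        print(finding)
```

Names and values are normalized before comparison, so differences in case or a trailing dot do not raise false alerts; only the changed A record is reported for the sample data.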

DeFi Platforms Targeted

  • Compound Finance: The platform warned users not to visit its website and advised anyone who interacted with Compound dApps to revoke access.
  • Celer Network: The platform intercepted the attempt and swiftly recovered its DNS records.
  • Pendle: Users were advised to revoke approvals for its smart contracts and clear their browser cache.
  • Unstoppable Domains: Reported that their domains were hijacked and had trouble contacting Squarespace.

Squarespace’s Role

All the compromised domains were originally registered at Google Domains and were later force-transferred to Squarespace in 2023 as part of an asset purchase agreement with Google. Since then, Squarespace has begun migrating domains to its service.

During the transition to Squarespace, multi-factor authentication (MFA) was turned off on accounts. Security experts believe that the disabling of MFA and the automatic account creation for domains associated with the migration process could be linked to the attack.

What to Do

If you have interacted with any of the affected platforms, take immediate action to mitigate risks:

  • Revoke smart contract approvals.
  • Change passwords.
  • Transfer funds to a new wallet.

Be Vigilant

Researchers have compiled a list of domains of cryptocurrency and DeFi-related projects managed by Squarespace that might have been impacted. Be vigilant when interacting with these platforms until the situation is resolved.

This incident highlights the importance of strong security practices, particularly for crypto platforms. It’s crucial to be cautious when interacting with websites, especially those related to cryptocurrency.
