Draining domains on the loose! π΅️♂️ Earlier yesterday, the domain of the popular DeFi lending platform Compound Finance was exploited, redirecting users to a page that would drain their connected wallets. ZachXBT first highlighted the attack as 'a potential hijack' before they were officially confirmed by the protocol as a DNS domain attack. While the team has yet to provide further details on their investigation into the exploit, Compound has stated that all smart contracts and deposited funds remain secure. However, members of the crypto community suspect that a vulnerability within the websites' domain registrar, Squarespace, may be the cause behind the recent attack. Ido Ben-Natan, the co-founder of blockchain security firm Blockaid, stated that over 200 protocols remain at risk from hackers targeting DNS records on Squarespace. As posted on X by the founder of DeFiLlama, 0xngmi, the list includes front-ends for popular crypto protocols such as Pendle, Karak, and Hyperliquid. Editor's Note: These aren't just small yield farms or forks on obscure chains that are getting hacked - these are real protocols with hundreds of millions in TVL. While it might seem fine to still interact with these protocols since the smart contracts themselves are secure, it's probably best to wait it out until the potential domain exploit can be contained and mitigated. |
0 Komentar untuk "π¦π Better double-check those URLs! π"