Attack targets Compound, Celer Network, and others, redirecting users to malicious sites designed to drain funds from connected wallets.
Over 220 decentralized finance (DeFi) protocols are at risk from a DNS hijacking campaign against domains whose records are hosted at Squarespace. Well-known protocols including Compound and Celer Network have already been affected: visitors to their front ends were redirected to malicious pages built to drain funds from connected wallets.
How the Attack Happened
The attackers changed the DNS records of the affected domains at Squarespace so that the names resolved to servers under their control. Users who typed or bookmarked the correct address therefore landed on fraudulent copies of the sites, and because the domain itself was the real one, the address bar gave no warning. (Whoever controls a domain's DNS can also pass domain validation and obtain a valid TLS certificate for it, so a padlock icon is no protection either.) The fake sites prompted users to sign transactions that, without the users realising it, transferred their assets to attacker-controlled addresses.
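The hijack worked by changing records at the registrar, so a monitor that compares what a domain currently resolves to with a pinned baseline catches exactly that change. The Python below is an added example written for this article, not code from the article, from Squarespace, or from any affected protocol; the domain names, IP addresses and record sets are constructed, and BASELINE, classify and audit are names chosen here.

```python
"""Diff a domain's live DNS records against a pinned baseline and flag hijack indicators.

Added example for this article, not code from the article or from any affected project.
Domain names, IP addresses and record sets below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Record:
    rtype: str   # "A", "AAAA", "CNAME", "NS", "MX" or "TXT"
    value: str   # rdata as a string
    ttl: int     # seconds


# Hypothetical baseline: what the operator knows the records should be. In practice this
# is published out of band (a signed config, or the onchain record the article mentions).
BASELINE: Dict[str, Set[Record]] = {
    "app.example-defi.test": {
        Record("A", "203.0.113.10", 300),
        Record("A", "203.0.113.11", 300),
    },
    "example-defi.test": {
        Record("NS", "ns1.registrar.test", 86400),
        Record("NS", "ns2.registrar.test", 86400),
    },
}

# Zones the operator controls; a CNAME into anything else is suspicious.
TRUSTED_ZONES = ("example-defi.test", "registrar.test")

# Constructed "live" snapshot as a monitor would fetch it: the app host now points at an
# unknown address with a short TTL, which is the shape a front-end hijack takes.
HIJACKED: Dict[str, Set[Record]] = {
    "app.example-defi.test": {Record("A", "198.51.100.7", 60)},
    "example-defi.test": BASELINE["example-defi.test"],
}

Finding = Tuple[str, str]  # (severity, message)


def in_trusted_zone(host: str) -> bool:
    """Exact or proper-subdomain match only, so evil-registrar.test does not pass."""
    host = host.rstrip(".")
    return any(host == z or host.endswith("." + z) for z in TRUSTED_ZONES)


def classify(name: str, baseline: Set[Record], observed: Set[Record]) -> List[Finding]:
    """Compare one name's record set with its baseline and return findings."""
    findings: List[Finding] = []
    for r in observed - baseline:
        if r.rtype == "NS":
            findings.append(("critical", f"{name}: delegation changed, new NS {r.value}"))
        elif r.rtype in ("A", "AAAA"):
            findings.append(("critical", f"{name}: {r.rtype} {r.value} not in baseline"))
        elif r.rtype == "CNAME":
            sev = "warning" if in_trusted_zone(r.value) else "critical"
            findings.append((sev, f"{name}: CNAME now {r.value}"))
        else:
            findings.append(("warning", f"{name}: unexpected {r.rtype} {r.value}"))
        # Heuristic: a sharply lowered TTL makes a hijack propagate fast; note it separately.
        base_ttl = min((b.ttl for b in baseline if b.rtype == r.rtype), default=None)
        if base_ttl is not None and r.ttl < base_ttl // 2:
            findings.append(("warning", f"{name}: TTL dropped from {base_ttl} to {r.ttl}"))
    for r in baseline - observed:
        findings.append(("warning", f"{name}: baseline {r.rtype} {r.value} missing"))
    return findings


def audit(baseline: Dict[str, Set[Record]],
          observed: Dict[str, Set[Record]]) -> Dict[str, List[Finding]]:
    """Run classify over every baselined name; a name that no longer resolves is a finding."""
    report: Dict[str, List[Finding]] = {}
    for name, expected in baseline.items():
        got = observed.get(name)
        if got is None:
            report[name] = [("critical", f"{name}: no records resolved")]
            continue
        findings = classify(name, expected, got)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for findings in audit(BASELINE, HIJACKED).values():
        for sev, msg in findings:
            print(f"[{sev}] {msg}")
```

In a real deployment the observed snapshot would come from several independent resolvers (the attacker's change may not have propagated to all of them yet), and a critical finding should page someone and, where the front end supports it, trigger a warning banner served from infrastructure the registrar account does not control.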
Tools Used in the Attack
The attackers used Inferno Drainer's wallet kit, a wallet-drainer toolkit. Deployed on the fake sites, it produces convincing prompts asking the visitor's wallet to sign; once signed, the resulting transactions (or the token approvals they grant) move the user's funds directly to attacker-controlled wallets.
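Drainer kits succeed because the signing prompt looks routine. A wallet or browser extension can decode the pending calldata and warn before the user signs, which is the check the paragraph above implies. The following Python is an added example, not code from the article, from any wallet, or from the drainer kit it describes; the token, router and attacker addresses are constructed, and inspect_request and the trusted-spender set are hypothetical names chosen here.

```python
"""Classify what a dApp is asking a wallet to sign, to catch drainer-style requests.

Added example for this article, not code from the article, from any wallet, or from the
drainer kit it describes. Addresses and transactions below are constructed.
"""
from typing import Dict, List, Set, Tuple

# ERC-20 / ERC-721 function selectors: first 4 bytes of keccak256 of the signature.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
    "a9059cbb": "transfer(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
}
UINT256_MAX = 2**256 - 1
Finding = Tuple[str, str]  # (severity, message)


def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI word after the 4-byte selector."""
    word = data[4 + 32 * i: 36 + 32 * i]
    if len(word) != 32:
        raise ValueError("truncated calldata")
    return word


def _addr(word: bytes) -> str:       # address is right-aligned in the word
    return "0x" + word[12:].hex()


def _uint(word: bytes) -> int:
    return int.from_bytes(word, "big")


def encode_call(selector_hex: str, *args) -> str:
    """Minimal ABI encoder for static args (str = address, int/bool = uint256)."""
    out = bytes.fromhex(selector_hex)
    for a in args:
        out += bytes(12) + bytes.fromhex(a[2:]) if isinstance(a, str) else int(a).to_bytes(32, "big")
    return "0x" + out.hex()


def inspect_request(tx: Dict[str, str], trusted: Set[str]) -> List[Finding]:
    """Findings for a transaction request {to, value, data}; empty list means nothing odd."""
    findings: List[Finding] = []
    to = tx["to"].lower()
    value = int(tx.get("value", "0x0"), 16)
    data = bytes.fromhex(tx.get("data", "0x")[2:])
    if value > 0 and to not in trusted:
        findings.append(("critical", f"sends {value} wei of native coin to unknown {to}"))
    if len(data) < 4:
        return findings
    sig = SELECTORS.get(data[:4].hex())
    if sig is None:
        findings.append(("review", f"unknown selector 0x{data[:4].hex()} on {to}"))
    elif sig.startswith(("approve", "increaseAllowance")):
        spender, amount = _addr(_word(data, 0)), _uint(_word(data, 1))
        if spender not in trusted:
            findings.append(("critical", f"{sig.split('(')[0]} grants unknown {spender} on token {to}"))
        if amount == UINT256_MAX:
            findings.append(("warning", "unlimited allowance requested"))
    elif sig.startswith("setApprovalForAll"):
        operator, flag = _addr(_word(data, 0)), _uint(_word(data, 1))
        if flag and operator not in trusted:
            findings.append(("critical", f"setApprovalForAll hands every token in {to} to unknown {operator}"))
    elif sig.startswith("transfer("):
        dest = _addr(_word(data, 0))
        if dest not in trusted:
            findings.append(("critical", f"transfer of token {to} to unknown {dest}"))
    elif sig.startswith("transferFrom"):
        dest = _addr(_word(data, 1))
        if dest not in trusted:
            findings.append(("critical", f"transferFrom sends token {to} to unknown {dest}"))
    return findings


# Constructed addresses: a token contract, a legitimate router, and a drainer wallet.
TOKEN = "0x" + "11" * 20
ROUTER = "0x" + "22" * 20
DRAINER = "0x" + "aa" * 20
TRUSTED: Set[str] = {ROUTER}

DRAIN_APPROVE = {"to": TOKEN, "value": "0x0", "data": encode_call("095ea7b3", DRAINER, UINT256_MAX)}
LEGIT_APPROVE = {"to": TOKEN, "value": "0x0", "data": encode_call("095ea7b3", ROUTER, 10**18)}
NATIVE_SEND = {"to": DRAINER, "value": hex(10**18), "data": "0x"}
NFT_GRAB = {"to": TOKEN, "value": "0x0", "data": encode_call("a22cb465", DRAINER, 1)}

if __name__ == "__main__":
    for label, tx in [("drainer approve", DRAIN_APPROVE), ("legit approve", LEGIT_APPROVE),
                      ("native send", NATIVE_SEND), ("setApprovalForAll", NFT_GRAB)]:
        print(label, inspect_request(tx, TRUSTED) or "ok")
```

The trusted-spender set is the important input: for a real protocol it would be the protocol's own published contract addresses, and a hijacked front end cannot change it because it lives in the wallet, not on the page. Off-chain signature requests (EIP-712 permits and similar) need the same treatment but are not decoded here.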
Response and Tracking
Security firm Blockaid and other security teams are tracking the campaign, working to contain the damage and prevent further losses. The incident underscores how much DeFi front ends depend on the security of ordinary web infrastructure such as registrar and DNS accounts.
Enhanced Security Measures
In light of the attack, experts are calling for stronger controls. One proposal is verified onchain records for domain updates: the expected DNS records, or a commitment to them, would be published onchain by the protocol, so front ends, wallets and monitoring tools could compare what a domain currently resolves to against a reference that does not depend on the registrar. That would not stop a registrar account from being taken over, but a change at the registrar that is not matched by a signed onchain update would stand out and could be flagged before users are drained.
Practical Takeaways
For users and developers in the DeFi space, the incident is a reminder of where the weak points are. Users should remember that a correct URL is not proof of a legitimate site while a domain is hijacked; they should read what a wallet asks them to sign, refuse unexpected approval or transfer requests, and periodically revoke allowances they no longer need. Developers should protect the accounts that control their domains: enable multi-factor authentication at the registrar and DNS host, lock the domain against unauthorised changes where the registrar supports it, monitor records for unexpected changes, and publish the expected records out of band so that others can verify them.