July 12, 2024 at 02:34PM
Coordinated DNS hijacking attacks are affecting decentralized finance (DeFi) crypto platforms that use the Squarespace registrar. Attackers redirect visitors to phishing sites, aiming to drain wallets. Platforms such as Compound Finance, Celer Network, and Pendle have warned users and assured them that funds are safe. Attackers exploit a vulnerability stemming from domain migration. Security experts recommend enabling multi-factor authentication and staying vigilant when accessing affected platforms.
Key takeaways:
– Multiple decentralized finance (DeFi) cryptocurrency domains have been targeted in coordinated DNS hijacking attacks, redirecting visitors to phishing sites.
– Attackers have targeted DeFi platforms such as Compound Finance, Celer Network, and Pendle, leading to warnings for users to revoke access and take immediate action to mitigate risks.
– Unstoppable Domains also reported domain hijacking issues and is facing challenges in contacting Squarespace to resolve the situation.
– The compromised domains were originally registered at Google Domains and force-transferred to Squarespace in 2023 as part of an asset purchase agreement with Google.
– The hijacking attacks might be linked to the disabling of multi-factor authentication during the migration process and the automatic creation of accounts for users associated with the domains.
– Attackers might be utilizing reseller access and newly created accounts to exploit the situation and have possibly targeted other Squarespace customers through wider credential attacks.
Overall, users should be vigilant when interacting with cryptocurrency and DeFi-related platforms whose domains are registered with Squarespace, and should take immediate action to secure their accounts and mitigate potential risks. Additionally, efforts should be made to reach out to Squarespace for a response on the situation.