July 16, 2024 at 08:01AM
Attackers exploited a flaw in Squarespace’s domain migration process to compromise crypto platforms’ DNS records and redirect visitors to potentially malicious pages. Attackers potentially gained access to Google Workspace, elevating their privileges and controlling billions of dollars of assets. Affected platforms have regained control, and Squarespace has tightened security measures. Users are advised to enable two-factor authentication and review domain settings.
The meeting notes detail a significant security breach involving multiple cryptocurrency platforms and the DNS hijacking of domains hosted on Squarespace. The attackers exploited flaws in the migration process from Google Domains to Squarespace to gain access to Squarespace accounts, then modified DNS records to redirect site visitors to potentially malicious pages, with the potential to impact billions of dollars in cryptocurrency assets.
Furthermore, the attackers could have abused Google Workspace reseller privileges to create new workspaces for domains or hijack existing ones, potentially enabling them to add new accounts, devices, or browsers, sync data, disable strong authentication, and more.
Squarespace has responded by ceasing the creation of new accounts using only an email address and has advised domain owners to enable two-factor authentication, review contributor accounts, revert unauthorized changes in Google Workspace, review domain settings for any suspicious configurations, and more.
It’s essential for the affected crypto platforms and domain owners to take immediate action to secure their accounts and domains.