Celer Network successfully intercepted an attempted takeover of its website on Thursday, potentially safeguarding 128 Web3 projects.
The attack stemmed from suspected vulnerabilities at the domain hosting firm Squarespace. Early reports indicated that issues with Squarespace’s domain registrar services might have facilitated the attack.
The compromised websites raised alarms in the crypto community, with major platforms like Compound Finance issuing warnings. “Users should not access our front-end website due to redirection to a phishing site,” Compound Finance advised, emphasizing the seriousness of the threat.
Widespread Concerns and Responses
Phishing schemes in crypto often involve high-profile social media account takeovers, leading users to malicious wallet links. Direct attacks on protocol websites are less common but can have devastating effects.
Michael Lewellen, a security advisor for Compound DAO and developer at audit firm OpenZeppelin, advised the community to be vigilant. He warned against using Compound’s website, stressing the potential risks involved. Similarly, Celer Network issued an alert about a “DNS domain attack” affecting multiple projects simultaneously, although this message was later deleted.
DeFiLlama developer 0xngmi revealed that 128 protocols’ front-end websites were at risk, including well-known applications such as Pendle Finance, dYdX, Thorchain, and Axelar. While these sites were not compromised, their use of Squarespace made them vulnerable.
Potential Cause and Squarespace’s Role
The suspected vulnerabilities appear linked to Squarespace’s recent acquisition of Google Domains. During the transition, several web pages allegedly lost their two-factor authentication, exposing them to exploitation.
Web3 security firm Blockaid and researcher Samczsun suggested that attackers hijacked the DNS records, redirecting them to a compromised IP address. The attackers utilized a known “drainer kit” associated with Inferno Drainer, a group notorious for wallet-draining activities. Inferno Drainer has reportedly stolen over $180 million from 189,000 victims since August 2023.
Limited Success and Immediate Actions
Thursday’s attack was less successful compared to previous exploits. One address linked to the malicious site held less than $1,400 in altcoins, while a second address contained more than $142,000 worth of ETH.
Several wallets, including MetaMask, Coinbase Wallet, and Zerion, have blocked these addresses to prevent further losses. Despite these measures, the exact origin of the attack remains unclear: it is not known whether a Squarespace employee was involved or the attackers found another way to access the accounts.
Axelar posted on social media site X that “no issue has been identified with any Axelar website” and confirmed that its teams were “continuing to monitor the situation closely.” This reflects the proactive steps the affected projects take to mitigate risks.
Industry-Wide Implications and Future Measures
The crypto industry has witnessed similar attacks on other DeFi platforms, including Curve Finance, Frax, and PancakeSwap. These incidents underscore the space’s ongoing security challenges.
At least one Web3 project, Aloe Labs, announced plans to move to a new domain name provider in response to the attack. This shift highlights the need for enhanced security measures and vigilant monitoring to protect against such threats.