DNS Hijacking Risks for Squarespace Domains: Protect Your Website & Secure Your Online Presence


DeFi Hack Alert: Squarespace Domains Vulnerable to DNS Hijacking

DeFi Apps on Squarespace Face DNS Hijacking Threat

Decentralized Finance (DeFi) applications whose domains are registered with Squarespace are currently at risk of DNS hijacking, in which an attacker changes a domain's DNS records so that visitors are routed to a malicious site instead of the legitimate front end. The exposure potentially affects over 120 DeFi protocols, including well-known platforms such as Compound and Celer Network. Understanding this threat is essential for users who want to protect their assets.

Understanding DeFi and Its Security Risks

DeFi has emerged as a transformative element in the financial landscape, using blockchain technology to give users greater control over their finances without intermediaries. However, a recent incident has exposed a significant weakness affecting DeFi applications whose domains are registered with Squarespace, a widely used website-building platform that also acts as a domain registrar. The attackers seized control of the Domain Name System (DNS) records belonging to these applications. DNS works like a telephone directory for the internet, translating human-readable domain names into the numerical IP addresses that computers use; whoever controls a domain's DNS records therefore controls where its visitors are sent, even though the application's own servers are untouched.

The attack at the domain registrar took place on July 11, 2024, and is believed to have affected around 128 DeFi protocols. 0xngmi, a developer affiliated with the blockchain analytics service DefiLlama, published a list of domains that are registered with Squarespace and are therefore at risk.

List of Affected DeFi Protocols

The following domains are among those identified as vulnerable because they are registered with Squarespace: celer.network, compound.finance, dydx.exchange, thorchain.com, and many others, including a range of other financial protocols and exchanges. The full list contains numerous platforms; users should treat these front ends with caution until their operators confirm they have regained control of the domain.

Details of the Attack

An investigation by the blockchain security firm Blockaid found that the attacker took control of the DNS records for Compound Finance's domain and attempted to do the same with Celer Network's domain. By rewriting those records, the attacker redirected visitors from the legitimate DeFi front ends to phishing sites designed to steal sensitive information and funds. While the threat remained active, new malicious sites impersonating legitimate brands continued to appear.
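As an added example (not code from this article or from any project it names), here is a small Python monitor that detects the kind of record change described above by comparing the NS, A and TXT records observed for each domain against a pinned, known-good baseline. The domains, nameservers and addresses in it are constructed placeholders, and the snapshot lookup stands in for a real resolver so the script runs offline.

```python
"""Hypothetical DNS drift monitor (an added example, not code from the original
article or from any of the projects it names).

It compares the NS, A and TXT records currently observed for each domain with a
pinned, known-good baseline. A hijack at the registrar usually shows up as a
changed NS delegation (nameservers moved) or a changed A record (site pointed at
an attacker host), so each record type is mapped to a severity.
"""
from __future__ import annotations

from typing import Callable

Records = dict[str, set[str]]            # record type -> observed values
Lookup = Callable[[str, str], set[str]]  # (domain, rtype) -> observed values

# Known-good baseline captured at a trusted time. Every name and address here is
# a constructed placeholder (reserved example names and RFC 5737 addresses), not a
# real record of any protocol mentioned in the article.
BASELINE: dict[str, Records] = {
    "app.example": {
        "NS": {"ns1.dns.example.", "ns2.dns.example."},
        "A": {"198.51.100.20"},
        "TXT": {"v=spf1 include:_spf.example -all"},
    },
    "docs.example": {
        "NS": {"ns1.dns.example.", "ns2.dns.example."},
        "A": {"198.51.100.21"},
        "TXT": set(),
    },
}

# Constructed "live" answers standing in for real resolver output: app.example
# has been hijacked (delegation moved, A record pointed at an attacker host),
# docs.example is untouched.
SNAPSHOT: dict[str, Records] = {
    "app.example": {
        "NS": {"ns1.attacker.invalid.", "ns2.attacker.invalid."},
        "A": {"203.0.113.66"},
        "TXT": {"v=spf1 include:_spf.example -all"},
    },
    "docs.example": {
        "NS": {"ns1.dns.example.", "ns2.dns.example."},
        "A": {"198.51.100.21"},
        "TXT": set(),
    },
}

# An NS change means the whole zone is now served by someone else; an A change
# means the site itself has moved; TXT drift (SPF/verification records) is
# lower priority but still worth a look.
SEVERITY = {"NS": "critical", "A": "high", "TXT": "medium"}
SEVERITY_ORDER = ("critical", "high", "medium", "low")


def snapshot_lookup(domain: str, rtype: str) -> set[str]:
    """Lookup adapter that reads the embedded snapshot instead of the network.

    In production, replace this with a real resolver (for example dnspython's
    dns.resolver.resolve(domain, rtype)) and query a resolver you trust, since
    a poisoned local cache would hide the very change you are looking for.
    """
    return set(SNAPSHOT.get(domain, {}).get(rtype, set()))


def check_domain(domain: str, expected: Records, lookup: Lookup) -> list[tuple[str, str, str]]:
    """Return (severity, rtype, message) findings for one domain.

    An empty list means every pinned record type matched. A record type that
    resolves to nothing at all (lookup returns an empty set) is reported as
    "removed" drift rather than ignored, because a hijacker may delete records
    as readily as rewrite them.
    """
    findings: list[tuple[str, str, str]] = []
    for rtype, want in expected.items():
        got = lookup(domain, rtype)
        if got == want:
            continue
        added = sorted(got - want)
        removed = sorted(want - got)
        msg = f"{domain} {rtype}: added={added} removed={removed}"
        findings.append((SEVERITY.get(rtype, "low"), rtype, msg))
    return findings


def check_all(baseline: dict[str, Records], lookup: Lookup) -> dict[str, list[tuple[str, str, str]]]:
    """Run check_domain over every pinned domain."""
    return {domain: check_domain(domain, records, lookup) for domain, records in baseline.items()}


def highest_severity(findings: list[tuple[str, str, str]]) -> str | None:
    """Worst severity among the findings, or None when there is no drift."""
    present = {sev for sev, _, _ in findings}
    for sev in SEVERITY_ORDER:
        if sev in present:
            return sev
    return None


if __name__ == "__main__":
    for domain, findings in check_all(BASELINE, snapshot_lookup).items():
        print(f"{domain}: {highest_severity(findings) or 'ok'}")
        for sev, _, msg in findings:
            print(f"  [{sev}] {msg}")
```

Run it on a schedule from a host outside the zone being monitored, and page on any critical finding: a changed NS delegation is the clearest signal that control has moved at the registrar rather than somewhere in your own infrastructure.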

Responses and Security Measures

In light of this attack, MetaMask, a widely used Web3 wallet, has introduced a warning system that flags potentially compromised DeFi applications, so that users are less likely to interact with a fraudulent site unknowingly. While the specific techniques used by the attackers are still being examined, it is suspected that they abused registrar accounts that had been migrated from Google Domains. Squarespace acquired roughly 10 million domains from Google Domains in 2023 for about $180 million, and that migration is believed to have given the attackers a path to the domains' DNS settings. Whatever registrar a project uses, a takeover at that layer bypasses every protection on the application itself, so domain owners should confirm that registrar logins require multi-factor authentication and that transfer and registrar locks are enabled.

The Importance of Security in DeFi

The DeFi sector is still relatively young, and security remains a major concern. For instance, in December 2023, an attacker injected malicious code into the Ledger Connect Kit library, affecting decentralized applications across the Ethereum Virtual Machine (EVM) ecosystem. Such incidents underscore the need for DeFi developers to implement stringent security controls, including over the infrastructure outside their smart contracts such as domains and front-end dependencies, and for users to remain vigilant when interacting with DeFi applications, particularly those operating under weaker security practices.