Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
DeFi Protocols Release Post-Mortem and Updates Following Recent Domain Attack

DeFi Protocols Release Post-Mortem and Updates Following Recent Domain Attack

Cryptonews2024/07/13 00:52
By:Hassan Shittu

In the wake of a domain attack involving Squarespace , numerous DeFi protocols have released post-mortem reports and updates to inform their communities about the incident’s impact and their subsequent actions.

The breach, which exploited vulnerabilities in the domain hosting service recently acquired by Squarespace from Google Domains, has prompted a swift and coordinated response from affected projects to secure their platforms and reassure users.

Domain Attack Break: DeFi Protocols Release Updates

On Thursday, Celer Network announced that its 24/7 domain security monitoring successfully intercepted an attempted takeover of its domains.

According to Celer, all DNS records have been recovered, and the attack vector likely involved third parties beyond its control. The team continues to monitor the situation and will provide updates as more information becomes available.

Also, the yield protocol, Pendle Finance detailed its experience in a comprehensive post-mortem report. The attack on Pendle’s domains occurred as part of the broader exploitation of Squarespace’s vulnerabilities.

After learning about the issue, Pendle’s team initiated a series of countermeasures. Real-time bots were set up to alert any DNS changes, and when a malicious record was detected, the team swiftly shut down the app and regained control of the domain within 40 minutes.

Throughout the incident, Pendle maintained constant communication with security professionals, ensuring their protocol and funds remained unaffected.

Karak, another DeFi protocol, reported no exposure to the Squarespace vulnerability. The team has collaborated with top security researchers and other projects to bolster security measures and ensure that funds remain safe.

Similarly, DyDx has not detected any vulnerabilities or security issues, and the team continues to monitor the situation, promising updates if any suspicious activity is observed.

While aware of the potential issue, Nostra Finance also reported no signs of hijack attempts on its website or app. It is in the process of transferring its domain to another provider to mitigate any future risks. Users are advised to check Argent and Braavos’s warnings and remain vigilant.

Also, Axelar network developer teams have addressed recent reports concerning domain-related attack. According to Axelar, no issues have been identified with any Axelar websites. The protocol assured its community that their websites would remain unaffected.

Notably, Unstoppable Domains also suffered from the attack. Users were advised to avoid opening emails from @unstoppabledomains.com or using the website until further notice.

Fortunately, Unstoppable has been able to regain access to its square space account , mitigating the attack. The project said ” We are taking extreme caution to analyze services before restoring website functionality. Onchain domains were not impacted by the Squarespace hack, and continue to function as expected.”

“Avoid Interacting With Crypto Until It’s Resolved,” Experts Warned

CoinGecko founder Bobby Ong highlighted that Google’s sale of its domain business to Squarespace led to the removal of two-factor authentication (2FA) during the forced migration of domains, creating vulnerabilities.

This has resulted in phishing attacks on decentralized finance (DeFi) platforms, with Compound Finance being the first victim.

Ong advised the community to avoid interacting with crypto until the issue is resolved.

“Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved,” Ong said.

Matthew Gould, CEO of Unstoppable Domains (UD), suggested that Web3 domains could prevent such attacks by creating verified on-chain records for domains, adding an extra layer of protection.

Gould proposed that DNS records should not update without a verified on-chain signature, ensuring that even if a registrar or user account is compromised, the domain cannot be altered unless the user’s wallet is compromised.

In the broader scope of digital asset security, Coinbase has also been named an additional custodian for VanEck’s Bitcoin Trust . This arrangement involves holding Bitcoin primarily in cold storage to protect against cyber threats.

These developments highlight the industry’s ongoing efforts to bolster security amid a massive attack on crypto. According to a recent report, over $688 Million were lost across 184 on-chain security incidents in Q2 alone.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!