DeFi Protocols Targeted by Phishing Due to Squarespace Domain Flaw
As vulnerabilities in Squarespace domains pose a significant threat to the decentralized finance (DeFi) sector through phishing attacks, Web3 professionals have shared essential advice on how users and those impacted can protect themselves.
On July 11, security investigator ZachXBT alerted the community via a Telegram post, advising them to avoid the Compound Finance website, which had been redirected to a phishing site. This incident marked the first exploitation of the vulnerability within the DeFi protocol.
Following this, the Celer Network reported a similar attack but managed to prevent any harm.
In the wake of these incidents, DefiLlama developer “0xngmi” compiled and shared a list of domains susceptible to the same attack vector. This list included over 100 protocols, such as Polymarket, dYdX, and Pendle Finance.
Refrain from interacting with crypto temporarily
CoinGecko founder Bobby Ong attributed the attack to vulnerabilities within Squarespace’s domain registrar. Ong explained that the removal of two-factor authentication (2FA) occurred due to the forced migration of domains after Google sold its domain business to Squarespace, rendering these domains vulnerable.
Ong advised the community to refrain from engaging with crypto activities until the issue is resolved. “The best course of action is to avoid interacting with crypto and take a break for the next couple of days until everything is sorted out,” Ong recommended.
Consider switching to alternative domain providers
Security researcher Samzsun suggested that those affected by the recent domain hijacking on Squarespace should consider transferring their domains to other providers. The white hat hacker recommended alternatives like Cloudflare, Amazon Web Services Route 53, MarkMonitor, and CSC DBS.
Additionally, Matthew Gould, founder and CEO of Web3 domain provider Unstoppable Domains (UD), highlighted how Web3 domains could help prevent such attacks. Gould explained:
“By creating verified on-chain records for domains, we can offer an extra layer of protection that browsers and other entities can verify to help combat these types of attacks.”
Gould further suggested that users could configure their DNS records to update only when a verified on-chain signature is provided.
He also proposed the idea of disallowing record updates without signatures from wallets, which would require hackers to compromise both the registrar and the user independently.
“If your UD account was compromised, or UD itself as a registrar was compromised, but not your wallet, the malicious actor could not alter your domain in DNS,” Gould added.
Leave a comment