Squarespace Domains Vulnerable to DNS Hijacking
DeFi apps on Squarespace are vulnerable to a DNS hijacking attack that redirects users to malicious sites. Over 120 DeFi protocols have been affected, including Compound and Celer Network. Learn more about the security risks of DeFi and how to protect yourself.
DeFi (Decentralized Finance) has become a revolutionary force in the financial world. By leveraging blockchain technology, DeFi apps aim to give users greater control over their finances without interference from middlemen. However, a recent security breach has exposed a vulnerability in DeFi apps hosted on Squarespace, a popular website building platform.
The attack involved hackers hijacking the domain name system (DNS) records of DeFi applications. DNS acts like the phone book of the internet, translating human-readable domain names into the numeric IP addresses that computers use to reach a server; whoever controls a domain's DNS records controls where its visitors end up.
This domain registry attack, which occurred on July 11, 2024, potentially affected approximately 128 DeFi protocols. 0xngmi, a developer of the blockchain analytics platform DefiLlama, shared what they described as a “list of domains registered with Squarespace and therefore potentially vulnerable.”
According to the investigation by the blockchain security platform Blockaid, the attacker took control of Compound Finance’s DNS registry and attempted to take control of Celer Network’s registry. By compromising DNS records, they were able to intercept traffic meant for legitimate DeFi platforms and redirect users to phishing sites in order to obtain sensitive information and steal funds.
❗️This incident is still ongoing: we are seeing new malicious sites impersonating additional brands being created by the same attackers.
We encourage projects to double-check their domain security settings. Feel free to DM us for additional security advice. https://t.co/B2L7JRpzCR
— Blockaid (@blockaid_) July 12, 2024
The attack was detected after users noticed that Compound’s interface led to a malicious website with a token harvesting application, and Celer Network confirmed a domain takeover attempt, which its monitoring system successfully thwarted. Both acknowledged the attack in separate statements.
Further investigation revealed that the attacker is specifically targeting Squarespace domain names, putting all DeFi applications with a Squarespace domain at risk.
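Celer Network's monitoring system is what stopped its takeover attempt, and that kind of check is simple to build: pin the DNS records you configured and alert the moment the live answer differs. The script below is an added example, not code from Compound, Celer, Blockaid or Squarespace; the domain names, nameservers and addresses in it are constructed for illustration (documentation IP ranges and `.test` names), and the `__main__` block feeds it a constructed observation that simulates a registrar-level takeover.

```python
"""DNS record drift check: compare what a domain currently resolves to against a
pinned baseline and report anything the operator never configured.

Added example, not code from any project named in the article. Domain names,
nameservers and addresses below are constructed for illustration.
"""
import socket
from dataclasses import dataclass, field

# Constructed baseline: the records the operator expects to see. In practice this
# is a file committed when the records were last verified by hand.
BASELINE = {
    "app.example-defi.test": {
        "A": {"203.0.113.10", "203.0.113.11"},   # TEST-NET-3 documentation range
        "NS": {"ns1.example-registrar.test", "ns2.example-registrar.test"},
    },
}


@dataclass
class DriftReport:
    domain: str
    added: dict = field(default_factory=dict)    # rtype -> values not in baseline
    removed: dict = field(default_factory=dict)  # rtype -> baseline values no longer served

    @property
    def hijack_suspected(self) -> bool:
        # A registrar-account takeover shows up as nameservers or addresses the
        # operator never set, so any new NS or A value is treated as a red flag.
        return bool(self.added.get("NS") or self.added.get("A"))


def detect_drift(domain: str, baseline: dict, observed: dict) -> DriftReport:
    """Compare observed records against the baseline for one domain.

    baseline / observed: {"A": set(...), "NS": set(...)}; a missing key counts as empty.
    """
    report = DriftReport(domain)
    for rtype in sorted(set(baseline) | set(observed)):
        want = set(baseline.get(rtype, set()))
        got = set(observed.get(rtype, set()))
        if got - want:
            report.added[rtype] = sorted(got - want)
        if want - got:
            report.removed[rtype] = sorted(want - got)
    return report


def resolve_a_records(domain: str) -> set:
    """Live lookup of IPv4 addresses through the system resolver (stdlib only).

    NS records need a DNS library (e.g. dnspython); feed them into detect_drift
    from whichever resolver output you have.
    """
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_all(baseline: dict, observations: dict) -> list:
    """Run detect_drift over every baselined domain; return the reports that look like a hijack."""
    alerts = []
    for domain, want in baseline.items():
        report = detect_drift(domain, want, observations.get(domain, {}))
        if report.hijack_suspected:
            alerts.append(report)
    return alerts


if __name__ == "__main__":
    # Constructed observation simulating a takeover: the NS set and one A record
    # have been swapped for values the operator never configured.
    observed = {
        "app.example-defi.test": {
            "A": {"203.0.113.10", "198.51.100.77"},
            "NS": {"ns1.attacker-controlled.test"},
        },
    }
    for r in check_all(BASELINE, observed):
        print(f"ALERT {r.domain}: added={r.added} removed={r.removed}")
    # Live check of your own records (assumes network access); replace the name.
    # print(resolve_a_records("your-domain.example"))
```

Run it from a scheduler every few minutes from a host outside the registrar's control, and treat any new NS value as an incident rather than a warning: changing nameservers is the step that hands the whole zone to whoever made the change. The live `resolve_a_records` helper only covers A records because the standard library has no NS lookup; `detect_drift` itself is resolver-agnostic.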
In response to the attack, MetaMask, a popular Web3 wallet, has implemented an alert system to flag potentially compromised DeFi applications. This additional layer of security aims to protect users from unintentional interactions with malicious websites.
While the exact methods used by the attackers are still under investigation, it is believed that the attack vector likely originated from the Google Domains accounts used by these protocols. For context, Squarespace acquired around 10 million domains hosted on Google Domains for $180 million in 2023. This acquisition could have provided attackers with a potential foothold to access sensitive DNS information.
The DeFi space is still in its early stages and security remains a major concern. In December 2023, an attacker injected malicious code into the Ledger Connect library, affecting the Ethereum Virtual Machine ecosystem.
These incidents highlight the need for DeFi developers to prioritize robust security measures and for users to exercise caution when interacting with DeFi applications, especially those based on less rigorous security practices.