In response to a significant domain attack involving vulnerabilities in the recently acquired Squarespace domain hosting service, several DeFi protocols have issued detailed post-mortem reports and updates. The attack, which exploited these vulnerabilities, prompted an immediate and coordinated response from affected projects to secure their platforms and reassure their user base.
Domain Attack Exposes Vulnerabilities, DeFi Protocols Respond
On Thursday, Celer Network reported that its 24/7 domain security monitoring had successfully intercepted an attempted takeover of its domains. According to Celer, all DNS records have been recovered, and the attack vector likely involved third parties beyond its control. The team continues to monitor the situation closely and will provide further updates as more information becomes available.
Pendle Finance also released a comprehensive post-mortem report detailing their experience. The attack on Pendle’s domains was part of the broader exploitation of Squarespace’s vulnerabilities. In response, Pendle’s team set up real-time bots to alert any DNS changes and, upon detecting a malicious record, swiftly shut down the app and regained control of the domain within 40 minutes. Throughout the incident, Pendle maintained constant communication with security professionals, ensuring the protocol and funds remained unaffected.
Karak, another DeFi protocol, reported no exposure to the Squarespace vulnerability. The team has been collaborating with top security researchers and other projects to enhance security measures and ensure the safety of funds.
Similarly, DyDx reported no detected vulnerabilities or security issues, and their team continues to monitor the situation, promising updates if any suspicious activity is observed. Nostra Finance also reported no signs of hijack attempts on its website or app and is in the process of transferring its domain to another provider to mitigate any future risks. Users are advised to stay vigilant and heed warnings from Argent and Braavos.
The Axelar network developer teams have addressed recent reports concerning domain-related attacks. According to Axelar, no issues have been identified with any Axelar websites, and the protocol assured its community that their websites would remain unaffected.
Impact on Unstoppable Domains and Community Warnings
Unstoppable Domains also fell victim to the attack, advising users to avoid opening emails from @unstoppabledomains.com or using the website until further notice. Fortunately, Unstoppable has regained access to its Squarespace account, mitigating the attack. The project emphasized taking extreme caution to analyze services before restoring website functionality, while noting that on-chain domains were not impacted and continue to function as expected.
CoinGecko founder Bobby Ong highlighted that Google’s sale of its domain business to Squarespace led to the removal of two-factor authentication (2FA) during the forced migration of domains, creating vulnerabilities. This has resulted in phishing attacks on DeFi platforms, with Compound Finance being the first victim. Ong advised the community to avoid interacting with crypto until the issue is resolved, stating, “Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved.”
Matthew Gould, CEO of Unstoppable Domains, suggested that Web3 domains could prevent such attacks by creating verified on-chain records for domains, adding an extra layer of protection. Gould proposed that DNS records should not update without a verified on-chain signature, ensuring that even if a registrar or user account is compromised, the domain cannot be altered unless the user’s wallet is compromised.
Broader Implications and Ongoing Security Efforts
In the broader scope of digital asset security, Coinbase has also been named an additional custodian for VanEck’s Bitcoin Trust, involving holding Bitcoin primarily in cold storage to protect against cyber threats. These developments highlight the industry’s ongoing efforts to bolster security amid a massive attack on crypto. According to a recent report, over $688 million were lost across 184 on-chain security incidents in Q2 alone.
The swift actions and transparency of these DeFi protocols underscore the importance of robust security measures and proactive communication in maintaining user trust and platform integrity in the face of evolving cyber threats.
Powered by Crypto Expert BD
Follow us on Twitter: https://x.com/CryptoExpert_BD
Join our Telegram channel: https://t.me/CryptoExpert_BD
