The decentralized finance (DeFi) ecosystem was rocked today by a massive domain name system (DNS) hijacking incident that targeted multiple DeFi applications. The attack, traced back to a vulnerability in Squarespace’s domain registry, compromised numerous DeFi platforms, including Compound Finance and Pendle Finance.
Security researchers at Blockaid were the first to identify the attack when the Compound Finance website began redirecting users to a malicious site equipped with a drainer app designed to steal user funds.
Celer Network also fell victim to the attack but managed to prevent a successful takeover due to its robust domain monitoring system.
The scale of the attack is staggering, with Blockaid estimating that hundreds of DeFi projects using Squarespace domains are at risk. A list compiled by DefiLlama developer 0xngmi includes over 100 potentially affected domains from platforms such as dYdX, Polymarket, LooksRare, Aptos, Near, Litecoin, and more.
Observers have warned that more names might be affected. Google sold its domain business to Squarespace several months ago, and the forced migration of domains removed 2FA, leaving all of these domains vulnerable.
To protect users, MetaMask has implemented a warning system that alerts users attempting to interact with compromised sites. The wallet provider is actively working to identify and flag affected platforms.
As the investigation into the Squarespace DNS hack continues, DeFi users are advised to exercise extreme caution when interacting with any platform until the situation is fully resolved.