Major Crypto Projects at Risk Amidst Squarespace Domain Breach

By: Eliza Bennet

Several significant crypto projects are currently vulnerable due to a major breach of domain names provided by Squarespace. On July 11, 0xngmi, the pseudonymous developer of DeFiLlama, reported that over 100 crypto projects using Squarespace, including Polymarket, Hyperliquid, dYdX, and THORChain, are at risk of being hacked.

Blockchain security firm Blockaid confirmed that the attacker had taken control of the DNS registry for Compound Finance and interoperability protocol Celer Network, redirecting visitors to a malicious site designed to drain funds from their wallets. According to Blockaid, the attackers are hijacking DNS records of projects hosted on Squarespace, using a drainer kit associated with the most recent iteration of the Inferno drainer group.

Unstoppable Domains and DeFi project Pendle are among the latest to report domain name hacks. Pendle confirmed that its domain was secure at the time of reporting. Matthew Gould, CEO of Web3 domain provider Unstoppable Domains, advised users to be cautious and avoid clicking on any links, emphasizing that attackers are creating fake websites and spreading phishing emails. Gould highlighted that domains migrated from Google Domains to Squarespace were particularly exposed.

CoinGecko founder Bobby Ong revealed that the security breach stemmed from Squarespace's domain registrar. Google's sale of its domain business to Squarespace led to the removal of two-factor authentication (2FA) during the forced domain migration, which has made several domains susceptible to hijacking. The DeFi project Pendle remarked on the large-scale impact, noting that experts are still deciphering the exact mechanism behind these attacks. Additionally, they mentioned that ICANN's domain transfer policies prevent them from transferring domains away from Squarespace for nearly 20 more days.

Experts including the SEAL 911 team, consisting of notable figures like ZachXBT, Samczsun from Paradigm, and Taylor Monahan from Consensys, suggested that the compromise might have resulted from a social engineering attack. To mitigate the risk, security experts recommend that projects enhance their protections by enabling 2FA and removing excess contributor accounts and reseller access. They also advise considering alternative providers such as Cloudflare, Amazon Web Services, MarkMonitor, and CSC DBS.
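Beyond hardening the registrar account, a project can detect the kind of hijack described above (DNS records repointed at an attacker-controlled host) by pinning a known-good snapshot of its NS and A records and diffing it against what resolvers currently return. The following is an added example written for this article, not code from the article, DeFiLlama, Blockaid, SEAL 911 or any project named here; the domain, nameserver names and IP addresses are constructed placeholders, and the comparison logic is illustrative, not a product's own check.

```python
"""Added example: baseline-vs-observed DNS drift check for a project domain.

Hypothetical helper, not from the article or any project it names.
A registrar-account takeover typically shows up as a change in NS records;
a zone-level edit shows up as a change in A/CNAME records. Both are compared.
All sample records below are constructed (RFC 5737 / .invalid placeholders).
"""
import socket
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class DnsSnapshot:
    """Record sets for one domain at one point in time."""
    domain: str
    nameservers: FrozenSet[str]
    a_records: FrozenSet[str]
    cname: Optional[str] = None


def detect_dns_drift(baseline: DnsSnapshot, observed: DnsSnapshot) -> List[str]:
    """Return human-readable findings; an empty list means no drift."""
    if baseline.domain != observed.domain:
        raise ValueError("snapshots describe different domains")
    findings = []

    # NS drift: the strongest signal of a registrar-level hijack.
    added_ns = observed.nameservers - baseline.nameservers
    removed_ns = baseline.nameservers - observed.nameservers
    if added_ns or removed_ns:
        findings.append(
            f"NS changed: +{sorted(added_ns)} -{sorted(removed_ns)}"
        )

    # A drift: the site now resolves to a host the project does not own.
    added_a = observed.a_records - baseline.a_records
    removed_a = baseline.a_records - observed.a_records
    if added_a or removed_a:
        findings.append(
            f"A changed: +{sorted(added_a)} -{sorted(removed_a)}"
        )

    # CNAME drift: the apex or app host now points somewhere else.
    if observed.cname != baseline.cname:
        findings.append(f"CNAME changed: {baseline.cname!r} -> {observed.cname!r}")

    return findings


def resolve_a_records(domain: str) -> FrozenSet[str]:
    """Live A-record lookup using only the standard library.

    NS/CNAME lookups need a DNS library (e.g. dnspython), so this helper only
    covers A records. It is not called by the offline demo below.
    """
    infos = socket.getaddrinfo(domain, 443, socket.AF_INET, socket.SOCK_STREAM)
    return frozenset(info[4][0] for info in infos)


# Constructed baseline: what the project recorded while its domain was healthy.
BASELINE = DnsSnapshot(
    domain="app.example-defi.invalid",
    nameservers=frozenset({"ns1.registrar-placeholder.invalid",
                           "ns2.registrar-placeholder.invalid"}),
    a_records=frozenset({"198.51.100.10", "198.51.100.11"}),
)

# Constructed "hijacked" observation: NS moved to unknown servers and the
# site now resolves to a single unfamiliar address.
OBSERVED_HIJACKED = DnsSnapshot(
    domain="app.example-defi.invalid",
    nameservers=frozenset({"ns1.unknown-placeholder.invalid",
                           "ns2.unknown-placeholder.invalid"}),
    a_records=frozenset({"203.0.113.66"}),
)


def demo() -> dict:
    """Run the check against a clean and a hijacked snapshot."""
    return {
        "clean": detect_dns_drift(BASELINE, BASELINE),
        "hijacked": detect_dns_drift(BASELINE, OBSERVED_HIJACKED),
    }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "no drift")
```

In practice the baseline would be written once after the domain is verified healthy, and the check would run from a scheduled job against several public resolvers, alerting on any non-empty result; an NS change that the project did not initiate is the cue to lock the registrar account and contact the provider.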

© BlockBriefly. All Rights Reserved.