WEB3

Over 120 Crypto Projects at Risk After Squarespace Breach

by BSCN

July 12, 2024

The breach involved a domain registry attack targeting multiple decentralized finance (DeFi) applications.

A significant breach at Squarespace, a major SaaS provider, was reported by blockchain security platform Blockaid. The attack targeted multiple decentralized finance (DeFi) applications, compromising their domain name system (DNS) registries. 

Among the affected projects are Compound Finance and Celer Network. This breach has put over 120 crypto projects at risk of exploitation.

Attack Details and Immediate Impact

An initial incident on July 6, at first considered benign, escalated on July 11, when Blockaid detected a new frontend attack. The attacker took control of the DNS registry for Compound Finance and attempted to do the same for Celer Network.

The front end of Compound Finance's website, compound[dot]finance, was compromised, though users' funds remained safe. However, the incident caused significant inconvenience and raised alarm in the crypto community.

Michael Lewellen, a security advisor at Compound DAO, urged users to avoid the $2 billion decentralized lending protocol’s website. Celer Network also issued a similar warning, which was later deleted. 

Other DeFi protocols, including Pendle Finance, DYDX Exchange, and Mendi Finance, are also reportedly at risk. Additionally, Polymarket, a prediction marketplace powered by Squarespace, faces potential threats from the breach.

MetaMask, a popular Web3 wallet, announced efforts to warn users of potentially compromised apps associated with the attack. Users attempting to transact on any known compromised site will see a warning provided by Blockaid.

Investigations and Potential Attack Methods

Blockaid's investigation indicates that the attacker targets domain names provided by Squarespace, putting any DeFi app using Squarespace domains at risk. The security firm suggested that attackers might be hijacking DNS records of projects hosted on Squarespace. 

The possible exploit methods could include sophisticated pre-registration tactics, mass domain sign-ups, or DNS cache poisoning (DNS spoofing), where false data is injected into a DNS cache, redirecting users to malicious websites.

According to a Crypto Briefing report, a security researcher speculated that the attackers might have exploited a direct breach of Squarespace’s security, allowing them to manipulate DNS records from the source. This theory is based on the wide-ranging impact and suggests a systemic vulnerability.
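A defender-side check that follows from the scenarios above, added here as an example rather than code from the article or from any of the projects it names: it compares a stored baseline of each frontend domain's A and NS records with what is currently observed, so that a changed delegation (the registrar-level case) is reported separately from an address edit inside an otherwise unchanged zone. All domain names, nameservers and addresses are constructed sample values; collecting the live records is left to the caller.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Records:
    a: frozenset   # IPv4 addresses the hostname resolves to
    ns: frozenset  # nameservers the zone is delegated to


@dataclass(frozen=True)
class Finding:
    domain: str
    severity: str  # "ok", "warn" or "critical"
    reason: str


def classify(domain: str, baseline: Records, observed: Records) -> Finding:
    """Grade how the observed records differ from the stored baseline."""
    if observed.ns != baseline.ns:
        # Delegation moved: consistent with a registrar- or zone-level takeover.
        return Finding(domain, "critical", f"NS changed {sorted(baseline.ns)} -> {sorted(observed.ns)}")
    unexpected = observed.a - baseline.a
    if unexpected:
        # Same delegation, new address: consistent with an edited A record.
        return Finding(domain, "critical", f"A record points to unexpected {sorted(unexpected)}")
    if observed.a != baseline.a:
        return Finding(domain, "warn", "A set shrank but stayed within baseline")
    return Finding(domain, "ok", "records match baseline")


def check_all(baselines: dict, observations: dict) -> list:
    """Grade every baselined domain; a missing observation (failed lookup) is also critical."""
    findings = []
    for domain, base in baselines.items():
        obs = observations.get(domain)
        if obs is None:
            findings.append(Finding(domain, "critical", "no observation; lookup failed"))
        else:
            findings.append(classify(domain, base, obs))
    return findings


# Constructed sample data: RFC 5737 addresses and .example names, not real records.
GOOD_NS = frozenset({"ns1.registrar.example", "ns2.registrar.example"})
SAMPLE_BASELINE = {
    "app-a.example": Records(frozenset({"198.51.100.10"}), GOOD_NS),
    "app-b.example": Records(frozenset({"198.51.100.20"}), GOOD_NS),
    "app-c.example": Records(frozenset({"198.51.100.30"}), GOOD_NS),
}
SAMPLE_OBSERVED = {
    "app-a.example": Records(frozenset({"203.0.113.7"}), GOOD_NS),  # A record edited
    "app-b.example": Records(frozenset({"198.51.100.20"}), frozenset({"ns1.attacker.example"})),  # NS moved
    "app-c.example": Records(frozenset({"198.51.100.30"}), GOOD_NS),  # untouched
}
```

Running `check_all(SAMPLE_BASELINE, SAMPLE_OBSERVED)` flags app-a and app-b as critical for different reasons and leaves app-c as ok; in practice the observed records would be gathered from several independent resolvers so that a poisoned cache does not pass for the truth.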

Response and Precautions

Squarespace completed its acquisition of Google’s domain business on September 7, 2023, which adds to the complexity of the situation. While the exact method of the attack remains speculative, a combination of tactics or an undisclosed vulnerability in the domain management system is considered likely.

However, according to recent reports, the Compound Finance website is now secure.

Hacks and exploits are not uncommon in the digital currency ecosystem. Recent incidents include the hack of Japanese firm DMM Bitcoin and the hijack of the X account of rapper 50 Cent. These events highlight the growing threat and the need for robust security measures in the crypto industry.
