{"id":343188,"date":"2024-07-12T15:02:54","date_gmt":"2024-07-12T14:02:54","guid":{"rendered":"https:\/\/coinfomania.com\/?p=343188"},"modified":"2024-07-12T15:02:58","modified_gmt":"2024-07-12T14:02:58","slug":"celer-network-blocks-hack-as-compound-warns-of-phishing","status":"publish","type":"post","link":"https:\/\/coinfomania.com\/celer-network-blocks-hack-as-compound-warns-of-phishing\/","title":{"rendered":"Celer Network Blocks Hack as Compound Warns of Phishing"},"content":{"rendered":"\n<p><strong>Celer Network successfully intercepted an attempted takeover of its website on Thursday, potentially safeguarding 128 Web3 projects.&nbsp;<\/strong><\/p>\n\n\n\n<p>The attack stemmed from suspected vulnerabilities at the domain hosting firm Squarespace. Early reports indicated that issues with Squarespace\u2019s domain registrar services might have facilitated the attack.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">\u2705Thanks to our 24\/7 domain security monitoring, an attempted takeover of Celer domains was successfully intercepted. All DNS records have been recovered. Our ongoing investigation indicates that the attack vector likely involved third parties beyond our control. <br><br>\ud83d\udc41\ufe0fThe Celer\u2026<\/p>&mdash; CelerNetwork (@CelerNetwork) <a href=\"https:\/\/twitter.com\/CelerNetwork\/status\/1811394743794114866?ref_src=twsrc%5Etfw\">July 11, 2024<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>The compromised websites raised alarms in the crypto community, with major platforms like Compound Finance issuing warnings. \u201cUsers should not access our front-end website due to redirection to a phishing site,\u201d Compound Finance advised, emphasizing the seriousness of the threat.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-widespread-concerns-and-responses\"><strong>Widespread Concerns and Responses<\/strong><\/h3>\n\n\n\n<p>Phishing schemes in crypto often involve high-profile social media account takeovers, leading users to malicious wallet links. Direct attacks on protocol websites are less common but can have devastating effects.<\/p>\n\n\n\n<p>Michael Lewellen, a security advisor for Compound DAO and developer at audit firm OpenZeppelin, advised the community to be vigilant. He warned against using Compound\u2019s website, stressing the potential risks involved. Similarly, Celer Network issued an alert about a \u201cDNS domain attack\u201d affecting multiple projects simultaneously, although this message <a href=\"https:\/\/x.com\/CelerNetwork\/status\/1811368611828953312\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">was later deleted<\/a>.<\/p>\n\n\n\n<p>DeFiLlama developer 0xngmi revealed that <a href=\"https:\/\/gist.github.com\/0xngmi\/789e297f3107d3c28c56da7acf11828d\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">128 protocols\u2019<\/a> front-end websites were at risk, including well-known applications such as Pendle Finance, dYdX, Thorchain, and Axelar. While these sites were not compromised, their use of Squarespace made them vulnerable.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-potential-cause-and-squarespace-s-role\"><strong>Potential Cause and Squarespace\u2019s Role<\/strong><\/h3>\n\n\n\n<p>The suspected vulnerabilities appear linked to Squarespace\u2019s recent acquisition of Google Domains. During the transition, several web pages allegedly lost their two-factor authentication, exposing them to exploitation.<\/p>\n\n\n\n<p>Web3 security firm Blockaid and researcher Samczsun suggested that attackers hijacked the DNS records, redirecting them to a compromised IP address. The attackers utilized a known \u201cdrainer kit\u201d associated with Inferno Drainer, a group notorious for wallet-draining activities. Inferno Drainer has <a href=\"https:\/\/dune.com\/scamsniffer\/inferno-drainer\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reportedly <\/a>stolen over $180 million from 189,000 victims since August 2023.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-limited-success-and-immediate-actions\"><strong>Limited Success and Immediate Actions<\/strong><\/h3>\n\n\n\n<p>Thursday\u2019s attack was less successful compared to previous exploits. One address <a href=\"https:\/\/etherscan.io\/address\/0x0000c1c0a9087688bf6f0dfec2f385ebf18b0000\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">linked <\/a>to the malicious site held less than $1,400 in altcoins, while a second address contained more than $142,000 worth of ETH.<\/p>\n\n\n\n<p>Several wallets, including MetaMask, Coinbase Wallet, and Zerion, have blocked these addresses to prevent further losses. Despite these measures, the exact origin of the attack remains unclear. Whether a Squarespace employee was involved or the attackers found another way to access the accounts.<\/p>\n\n\n\n<p>Axelar <a href=\"https:\/\/x.com\/Axl_Status\/status\/1811399141366395223\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">posted <\/a>on social media site X that &#8220;no issue has been identified with any Axelar website&#8221; and confirmed that its teams were &#8220;continuing to monitor the situation closely.&#8221; This reflects the proactive steps the affected projects take to mitigate risks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-industry-wide-implications-and-future-measures\"><strong>Industry-Wide Implications and Future Measures<\/strong><\/h3>\n\n\n\n<p>The crypto industry has witnessed similar attacks on other DeFi platforms, including Curve Finance, Frax, and Pancake Swap. These incidents underscore the space&#8217;s ongoing security challenges.<\/p>\n\n\n\n<p>At least one <a href=\"https:\/\/coinfomania.com\/binance-helps-injustice-samurai-recover-stolen-funds\/\">Web3 project<\/a>, Aloe Labs, announced plans to move to a new domain name provider in response to the attack. This shift highlights the need for enhanced security measures and vigilant monitoring to protect against such threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Celer Network successfully intercepted an attempted takeover of its website on Thursday, potentially safeguarding 128 Web3 projects.&nbsp; The attack stemmed [&hellip;]<\/p>\n","protected":false},"author":52,"featured_media":342947,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[245,5],"tags":[2605,2606,2607],"ppma_author":[1759],"class_list":["post-343188","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scam-alert","category-crypto-news","tag-celer-network","tag-dns-attack","tag-web3-security"],"acf":[],"authors":[{"term_id":1759,"user_id":52,"is_guest":0,"slug":"victor-muriki","display_name":"Victor Muriki","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/1c1862d1444b04b9e171e111cbd743b5?s=96&r=g","first_name":"Victor","twitter":"https:\/\/twitter.com\/VictorMuriki1","instagram":"https:\/\/www.instagram.com\/i.am_sheriff\/","linkedin":"https:\/\/www.linkedin.com\/in\/victor-muriki-0a5618253\/","user_url":"","last_name":"Muriki","facebook":"https:\/\/www.facebook.com\/profile.php?id=100086410154112","description":"Victor Muriki is an esteemed writer focused on cryptocurrency and finance, holding a Bachelor's in Actuarial Science. Known for his sharp analysis and insightful content, he has a strong command of English and is skilled at conducting in-depth research and ensuring timely delivery."}],"_links":{"self":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts\/343188"}],"collection":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/users\/52"}],"replies":[{"embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/comments?post=343188"}],"version-history":[{"count":1,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts\/343188\/revisions"}],"predecessor-version":[{"id":343190,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/posts\/343188\/revisions\/343190"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/media\/342947"}],"wp:attachment":[{"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/media?parent=343188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/categories?post=343188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/tags?post=343188"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/coinfomania.com\/wp-json\/wp\/v2\/ppma_author?post=343188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}