Major crypto projects at risk as Squarespace domain breach unfolds

Share This Post

Malicious actors are targeting several crypto projects with domain names provided by Squarespace.

On July 11, Oxngmi, the pseudonymous developer of DeFiLlama, reported that over 100 crypto projects using Squarespace, including Polymarket, Hyperliquid, dYdX, and THORChain, are at risk of being hacked.

Blockchain security firm Blockaid confirmed this, stating that an attacker gained control of the DNS registry for Compound Finance and interoperability protocol Celer Network and subsequently redirected visitors to a page that would drain funds from their wallets.

The security firm said:

“From initial assessment, it appears that the attackers are operating by hijacking DNS records of projects hosted on SquareSpace…The attackers are using a drainer kit associated with the most recent iteration of the Inferno drainer group.”

Meanwhile, the security threats are ongoing as new projects like Unstoppable Domains and DeFi project Pendle have also reported domain name hacks. Pendle said its domain was secure as of press time.

Matthew Gould, the CEO of Web3 domain provider Unstoppable Domains, warned users not to click on any links. He added that the attackers are trying to create a fake website and spread phishing emails.

He said:

“If you were on Google domains and got migrated to Squarespace you are vulnerable and should let your engineeing team know to move immediately.”

It is unclear if any of these breaches resulted in financial losses for users of these platforms.

Squarespace has yet to respond to CryptoSlate’s request for comment as of press time.

What is the cause of the attack?

CoinGecko founder Bobby Ong revealed that a security breach originated from Squarespace’s domain registrar. He explained that Google’s sale of its domain business to Squarespace led to the removal of two-factor authentication (2FA) due to forced domain migration.

Ong said:

“Google sold their domain business to Squarespace a few months ago and the forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked.”

DeFi project Pendle noted the significant scale of the attack, pointing out that security experts are still determining the exact mechanism behind these hijackings. It added that the migration from Google to Squarespace affected many domains.

Pendle said:

“ICANN’s domain transfer policies prevent us from transferring domains away from Squarespace for another ~20 days.”

Meanwhile, a security advisory from SEAL 911 — a team of white hat hackers including ZachXBT — Paradigm’s Samczsun, Consensys’ Taylor Mohanan (Tayvano), and Andrew Mohawk, suggested that Squarespace might have been compromised via a social engineering attack.

Solutions?

Security experts recommend that projects enhance their protection by enabling two-factor authentication (2FA) on Squarespace.

They also advise removing excess contributor accounts and reseller access. Additionally, they suggest reverting all changes to DNS records and removing unnecessary admins from accounts.

Experts further advise affected projects to consider switching to other providers such as Cloudflare, Amazon Web Services, MarkMonitor, and CSC DBS.

The post Major crypto projects at risk as Squarespace domain breach unfolds appeared first on CryptoSlate.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

The Best Crypto to Buy as Bitcoin DeFi is Projected to Unlock Billions in BTC

Now is the perfect time to look for the best crypto to buy, as unleashing Bitcoin into the DeFi protocol could add billions to BTC’s liquidity pool A recent report from Moulik Nagesh of Binance

POPCAT, PNUT, And PENGU Price Prediction After Robinhood Listing Hype

The post POPCAT, PNUT, And PENGU Price Prediction After Robinhood Listing Hype appeared first on Coinpedia Fintech News Key Highlights Meme coins – POPCAT, PNUT, and PENGU gained momentum after

Pi Network Faces Pressure as KYC Deadline Closes In, Whales Pick Up Web3 Mobile Competitor Trading at $0.0045

The post Pi Network Faces Pressure as KYC Deadline Closes In, Whales Pick Up Web3 Mobile Competitor Trading at $00045 appeared first on Coinpedia Fintech News Pi Network (PI) has become a household

Near Protocol Price Prediction 2025, 2026 – 2030: NEAR Price To Record 2X Surge?

The post Near Protocol Price Prediction 2025, 2026 – 2030: NEAR Price To Record 2X Surge appeared first on Coinpedia Fintech News Story Highlights The live price of the Near Protocol token is

XRP Price Prediction: Can XRP Grasp $5 as Democrats Try to Stop Crypto Reserve Plan

The post XRP Price Prediction: Can XRP Grasp $5 as Democrats Try to Stop Crypto Reserve Plan appeared first on Coinpedia Fintech News With bullish signals flashing and traders eyeing a potential push

Best New Crypto to Buy as Trump Plans Binance Investment and Turns Bitcoin Maximalist

Changpeng Zhao isn’t exactly the stereotypical criminal But the Binance founder did plea guilty, back in 2023, to violating anti-money-laundering (AML) laws And as such, he is a convicted felon