In light of a recent domain attack involving Squarespace, several DeFi protocols have released post-mortem reports and updates to inform their communities of the incident’s impact and their subsequent actions. The breach exploited vulnerabilities in the domain hosting service recently acquired by Squarespace from Google Domains. Prompted by the attack, affected projects swiftly responded to secure their platforms and reassure users.
Celer Network reported that its 24/7 domain security monitoring successfully intercepted an attempted takeover of its domains. All DNS records were recovered, and the attack likely involved third parties beyond their control. Pendle Finance detailed its experience in a post-mortem report, where real-time bots were used to alert any DNS changes and swiftly shut down malicious records. Constant communication with security professionals ensured their protocol and funds remained safe.
Karak and DyDx reported no exposure to the Squarespace vulnerability, with both teams collaborating with security researchers to enhance security measures. Nostra Finance reported no signs of hijack attempts but is transferring its domain to another provider as a precaution. Axelar Network reassured its community that their websites were unaffected by the attack. However, Unstoppable Domains advised users to avoid opening emails from their domain and to refrain from using the website until further notice.
CoinGecko founder Bobby Ong warned the community to avoid interacting with crypto until the issue is resolved due to potential phishing attacks on DeFi platforms resulting from the removal of 2FA during the forced migration of domains from Google to Squarespace. Matthew Gould, CEO of Unstoppable Domains, suggested using Web3 domains to prevent such attacks. He proposed that DNS records should only update with a verified on-chain signature, adding an extra layer of security to prevent alterations to domains.
In efforts to enhance security in the digital asset space, Coinbase has been named an additional custodian for VanEck’s Bitcoin Trust, primarily holding Bitcoin in cold storage to protect against cyber threats. These developments underscore the industry’s commitment to bolstering security measures amidst a significant attack on crypto platforms. According to a recent report, over $688 million were lost in 184 on-chain security incidents in Q2 alone, highlighting the importance of proactive security measures in safeguarding digital assets.
