Compound Finance, a pioneer in decentralized finance (DeFi), has fallen victim to a suspected domain hijacking attack. On July 11, blockchain security firm PeckShield alerted users to a compromise of the Compound Finance website (compound[.]finance), advising against any interaction with the site until further notice.
Blockchain investigator 'ZachXBT' corroborated the report, warning that the website was redirecting to a newly registered phishing site. When CryptoPotato attempted to access the website, it was unavailable, suggesting possible intervention by the Compound team.
Domain hijacking occurs when unauthorized parties gain control of a website's domain name, often redirecting users to fraudulent sites. This is typically achieved through social engineering, phishing attacks, or exploitation of vulnerabilities in domain management systems. Such attacks on crypto platforms are frequently aimed at stealing sensitive information or spreading malware to pilfer crypto assets.
As of writing, Compound Labs had not addressed the incident on their official X account, and it remains unclear if any users have lost funds. This attack follows a similar incident involving Frax Finance in November, highlighting the ongoing security challenges in the DeFi space.
Compound Finance, known for its algorithmic, autonomous interest rate lending platform, has seen its native token COMP remain stable despite the website hijacking. Trading at $47.88 at the time of reporting, COMP is available on numerous popular crypto exchanges, though it has significantly decreased from its all-time high.