The decentralized finance (DeFi) space is currently facing a significant threat from phishing attacks due to a vulnerability in Squarespace domains. Web3 professionals have shared advice for users and affected parties in light of these attacks.
On July 11, security investigator ZachXBT alerted the community about a phishing site masquerading as the Compound Finance website. This incident marked the first major hijacking resulting from the vulnerability.
Celer Network also reported an attack attempt, which they successfully repelled. DefiLlama developer 0xngmi shared a list of over 100 protocols potentially vulnerable to similar attacks, including prominent names like Polymarket, dYdX, and Pendle Finance.
CoinGecko founder Bobby Ong attributed the vulnerability to Squarespace's recent acquisition of Google's domain business. The migration process reportedly removed two-factor authentication (2FA) from affected domains. Ong advised users to refrain from crypto interactions for a few days until the issue is resolved.
Security researcher samczsun suggested that affected parties consider transferring to alternative domain providers such as Cloudflare, Amazon Web Services Route 53, MarkMonitor, or CSC DBS.
Matthew Gould, CEO of Unstoppable Domains, proposed that Web3 domains could offer additional protection against such attacks. He suggested implementing verified on-chain records and requiring wallet signatures for DNS updates, so that hackers would have to compromise both the registrar and the user's wallet to alter domain records.
As the situation develops, crypto users are urged to exercise caution and stay informed about potential risks in using DeFi exchanges.