A number of decentralized finance platforms, together with Compound Finance, Celer Community, and Pendle, had domains registered with Squarespace impacted by DNS hijacking attacks on Thursday, BleepingComputer studies.
Each Celer and Pendle reported the restoration of their domains, with the latter emphasizing that no cryptocurrency belongings had been compromised on account of the intrusion. “…[A]ttackers exploited a vulnerability in Squarespace, hijacking domains hosted on their platform. Safety consultants are nonetheless figuring out the precise mechanism for the hijacking assaults, however many domains (together with Pendle’s) that had been migrated from Google to Squarespace have been affected,” mentioned Pendle in a put up on X, previously Twitter. Extra particulars concerning the area takeover course of stay unclear however the compromise has been related by cryptocurrency safety researchers Andrew Mohawk, Taylor Monahan, and Samczsun with the multi-factor authentication deactivation throughout area migration. Automated domain-linked account creation and reseller entry might have additionally been exploited by risk actors to facilitate area hijacking, researchers mentioned.
