Crypto investigator ZachXBT has warned users to avoid the Compound Finance website, which appears to have been hijacked.
On July 11, the security investigator published a post on Telegram telling the community to stay away from the website for the time being. According to ZachXBT, the website redirects to a newly registered phishing site and may pose a substantial security risk.
In the meantime, a member of the Compound Finance team confirmed the breach and advised users to avoid interacting with the site to prevent potential losses of personal data and funds.
Michael Lewellen, security adviser at the Compound Finance DAO, alerted users of the breach. According to Lewellen, the URL has been compromised and is hosting a phishing website. The security adviser warned users not to interact with the site. Despite this, Lewellen assured users that the protocol was not impacted and that the smart contract funds were safe.
Cointelegraph approached the Compound Labs team for comments but has not yet received a response.
Compound Finance’s X account hacked in 2023
The company is not new to security attacks. In 2023, the decentralized finance (DeFi) protocol’s official X account was taken over by hackers. Like the recent incident, the hackers exploited the company’s social media platform to promote a phishing website.
Back then, the account posted an advertisement promoting free crypto tokens. It also urged users to click a link imitating the protocol’s official site. However, it was quickly flagged as a scam.
Cybersecurity blogger Officer’s Notes and blockchain security platform Scam Sniffer confirmed that the account had posted phishing links.
On Dec. 30, 2023, the Compound Labs team confirmed they were compromised for four hours before recovering the account. They also informed their users that they had removed the spam messages.
Related: Investors lose $1.6M after Doja Cat’s X reportedly hacked to promote scam coin
Phishing attacks caused almost $498 million in losses in 2024
On April 4, CertiK CEO co-founder Ronghui Gu urged the community to proactively prepare for attacks as the market continues to grow. At the time, the company noticed that phishing attacks in the crypto space had reached “alarming levels.”
On July 3, the company reported that losses in crypto security incidents reached $1.19 billion in the first half of 2024. The report attributed almost $498 million in digital asset losses to phishing attacks. Because of this, Gu emphasized the need for multifactor authentication and better security practices.
Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis