As the vulnerability on Squarespace domains threatens the decentralized finance (DeFi) space with phishing attacks, Web3 professionals shared their advice on what users and those affected can do to avoid the attacks.
On July 11, security investigator ZachXBT shared a Telegram post warning the community to stay away from the Compound Finance website, which redirected to a phishing site. The DeFi protocol was the first to be hijacked because of the vulnerability.
Following this, the Celer Network announced that it had also been attacked but successfully thwarted the attempt.
Meanwhile, DefiLlama developer “0xngmi” shared a list of domains vulnerable to the same attack vector. The list had over 100 protocols, including Polymarket, dYdX and Pendle Finance.
Don’t interact with crypto for the next few days
CoinGecko founder Bobby Ong said the attack stemmed from Squarespace’s domain registrar. The executive explained that after Google sold its domain business to Squarespace, two-factor authentication (2FA) was removed due to the forced migration of domains.
This made the domains vulnerable. According to Ong, the community should wait until the issue is fixed before interacting with crypto again. “Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved,” Ong added.
Related: CoinStats exploiter moves almost $1M to Tornado Cash
Consider transferring to other domain providers
Security researcher Samzsun said those affected by the recent domain hijacking on Squarespace might need to consider transferring to other providers. The white hat hacker recommended Cloudflare, Amazon Web Services Route 53, MarkMonitor and CSC DBS.
Meanwhile, Matthew Gould, the founder and CEO of Web3 domain provider Unstoppable Domains (UD), took the opportunity to explain how this type of attack may be avoided with Web3 domains. Gould explained:
“By creating verified onchain records for domains we can offer an extra layer of protection browsers and others can check to help fight these types of attacks.”
The executive added that users could even configure their DNS records to not update unless they provide a verified onchain signature.
The executive also floated the idea of disallowing records updates without signatures from wallets. This would require hackers to attack the registrar and the user separately.
“So if your UD account was compromised, or UD itself as a registrar was compromised, but not your wallet, the malicious user could not alter your domain in DNS," Gould added.
Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis