DeFi Protocols Release Post-Mortem and Updates Following Recent Domain Attack

Defi Hack Domain Name System Attack
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Last updated:
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Journalist
Journalist
Hassan Shittu
Author Categories
About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

In the wake of a domain attack involving Squarespace, numerous DeFi protocols have released post-mortem reports and updates to inform their communities about the incident’s impact and their subsequent actions. The breach, which exploited vulnerabilities in the domain hosting service recently acquired by Squarespace from Google Domains, has prompted a swift and coordinated response from affected projects to secure their platforms and reassure users.

Domain Attack Break: DeFi Protocols Release Updates

On Thursday, Celer Network announced that its 24/7 domain security monitoring successfully intercepted an attempted takeover of its domains.

According to Celer, all DNS records have been recovered, and the attack vector likely involved third parties beyond its control. The team continues to monitor the situation and will provide updates as more information becomes available.

Also, the yield protocol, Pendle Finance detailed its experience in a comprehensive post-mortem report. The attack on Pendle’s domains occurred as part of the broader exploitation of Squarespace’s vulnerabilities.

After learning about the issue, Pendle’s team initiated a series of countermeasures. Real-time bots were set up to alert any DNS changes, and when a malicious record was detected, the team swiftly shut down the app and regained control of the domain within 40 minutes.

Throughout the incident, Pendle maintained constant communication with security professionals, ensuring their protocol and funds remained unaffected.

Karak, another DeFi protocol, reported no exposure to the Squarespace vulnerability. The team has collaborated with top security researchers and other projects to bolster security measures and ensure that funds remain safe.

Similarly, DyDx has not detected any vulnerabilities or security issues, and the team continues to monitor the situation, promising updates if any suspicious activity is observed.

While aware of the potential issue, Nostra Finance also reported no signs of hijack attempts on its website or app. It is in the process of transferring its domain to another provider to mitigate any future risks. Users are advised to check Argent and Braavos’s warnings and remain vigilant.

Also, Axelar network developer teams have addressed recent reports concerning domain-related attack. According to Axelar, no issues have been identified with any Axelar websites. The protocol assured its community that their websites would remain unaffected.

Notably, Unstoppable Domains also suffered from the attack. Users were advised to avoid opening emails from @unstoppabledomains.com or using the website until further notice.

Fortunately, Unstoppable has been able to regain access to its square space account, mitigating the attack. The project said ” We are taking extreme caution to analyze services before restoring website functionality. Onchain domains were not impacted by the Squarespace hack, and continue to function as expected.”

“Avoid Interacting With Crypto Until It’s Resolved,” Experts Warned

CoinGecko founder Bobby Ong highlighted that Google’s sale of its domain business to Squarespace led to the removal of two-factor authentication (2FA) during the forced migration of domains, creating vulnerabilities.

This has resulted in phishing attacks on decentralized finance (DeFi) platforms, with Compound Finance being the first victim.

Ong advised the community to avoid interacting with crypto until the issue is resolved.

“Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved,” Ong said.

Matthew Gould, CEO of Unstoppable Domains (UD), suggested that Web3 domains could prevent such attacks by creating verified on-chain records for domains, adding an extra layer of protection.

Gould proposed that DNS records should not update without a verified on-chain signature, ensuring that even if a registrar or user account is compromised, the domain cannot be altered unless the user’s wallet is compromised.

In the broader scope of digital asset security, Coinbase has also been named an additional custodian for VanEck’s Bitcoin Trust. This arrangement involves holding Bitcoin primarily in cold storage to protect against cyber threats.

These developments highlight the industry’s ongoing efforts to bolster security amid a massive attack on crypto. According to a recent report, over $688 Million were lost across 184 on-chain security incidents in Q2 alone.

More Articles

Podcast
Gregg Bell, SVP of HBAR Foundation, on Hedera, Creating New Investment Vehicles, Tokenization, and Creating the Trust Layer of the Internet | Ep. 408
2025-02-07 10:48:44
Ethereum News
Ether Outflows from Derivatives Exchanges Hit Highest Level Since August 2023, Signaling Bullish Trend
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-07 08:51:10
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors