Ether.fi Thwarts Domain Takeover Attempt, User Funds Remain Safe

DeFi Hacks Security
Тhis incident highlights growing security concerns in DeFi, with recent attacks on Ethena and Banana Gun.
Last updated:
Editor
Editor
Veronika Rinecker
About Author

Veronika Rinecker is based in Germany and studied international journalism and media management. She specializes in reporting on topics such as politics and regulation, energy, blockchain, and...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

Ether.fi, a liquid restaking protocol, narrowly avoided a security scare after attackers attempted to hijack its domain name through its registrar, Gandi.net.

According to a detailed post by Ether.fi, the incident unfolded on Sept. 24 when the team received an email notification from Gandi indicating a domain recovery request. This triggered the protocol’s existing security measures, including verifying email sender authentication (SPF, DKIM, and DMARC), which ultimately alerted them to a potential attack.

Ether.fi contacted Gandi across multiple platforms, leading to a successful lockdown of their domain account by 7:30 PM UTC. This prevented further tampering and ensured the integrity of their nameserver configuration.

“We are in contact with our domain provider and the domain is locked down. Please continue to avoid our site until we have verified everything is working as expected,” Ether.fi said on its social media.

The company’s X post emphasizes that no internal breach has been detected, and user funds remain safe.

Proactive Approach and Collaboration

Ether.fi credits its proactive approach – including requiring hardware authentication for key platforms – for mitigating the attack and also highlights the importance of domain registrar security practices. “Gandi’s monitoring systems and process, while aggressive, locked down the domain account and prevented any access to our systems, and kept our websites, apps and emails safe from the attempted attack.”

While the full picture remains under investigation, Ether.fi promises further details in collaboration with Gandi within the next two days.

DeFi Under Attack: Recent Security Incidents Raise Concerns

The Ether.fi domain takeover attempt is just one example of the growing number of security incidents affecting the decentralized finance (DeFi) ecosystem. In recent weeks, several other DeFi projects have fallen victim to attacks, highlighting the ongoing challenges in safeguarding user funds and data.

An example is the Ethena website exploit that occurred in September. Ethena Labs, the company behind the synthetic dollar protocol, warned users to avoid interacting with any site or application claiming to be Ethena. According to its X post from Sept. 18, the site’s domain registrar account was compromised, resulting in the temporary shutdown of the site. Despite the exploit, Ethena Labs assured users that the underlying protocol and their funds remained unaffected.

Another high-profile incident involved the Telegram-based cryptocurrency trading bot Banana Gun. This bot allows users to trade on popular blockchains like Ethereum, Solana, and Base. However, on Sept. 19, attackers exploited vulnerabilities in the bot’s code to drain nearly $2 million worth of digital assets from unsuspecting users. Security firm Cyvers identified at least 11 attackers responsible for these thefts.

More Articles

Bitcoin News
SEC Commissioner Hester Peirce Says Goodbye to Controversial Crypto Accounting Guidance SAB 121
Sujha Sundararajan
Sujha Sundararajan
2025-01-24 06:19:51
Blockchain News
South Korea’s Goyang City Seizes Crypto Worth Over $228,000 from Traffic Offenders
Tim Alper
Tim Alper
2025-01-24 05:26:17
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors