Major crypto projects at risk as Squarespace domain breach unfolds

Malicious actors are targeting numerous crypto projects using domain names provided by Squarespace.

On July 11, 0xngmi, the pseudonymous developer of DeFiLlama, reported that over 100 crypto projects using Squarespace, including Polymarket, Hyperliquid, dYdX, and THORChain, face hacking risks. Blockchain security firm Blockaid confirmed this, revealing that an attacker gained control of the DNS registry for Compound Finance and the interoperability protocol Celer Network. The attacker redirected visitors to a page designed to drain funds from their wallets.

The security firm stated, “From initial assessment, it appears that the attackers are operating by hijacking DNS records of projects hosted on Squarespace… The attackers are using a drainer kit associated with the most recent iteration of the Inferno drainer group.”

Ongoing Security Threats

Other projects, such as Unstoppable Domains and the DeFi project Pendle, have also reported domain name hacks. Pendle confirmed that its domain was secure as of the latest update. Matthew Gould, the CEO of Web3 domain provider Unstoppable Domains, warned users against clicking on any links. He noted that attackers are attempting to create fake websites and distribute phishing emails.

“If you were on Google domains and got migrated to Squarespace, you are vulnerable and should inform your engineering team to move immediately,” Gould advised.

It remains unclear whether any of these breaches have led to financial losses for users of these platforms. Squarespace has not yet responded to CryptoSlate’s request for comment as of the latest report.

Cause of the Attack

CoinGecko founder Bobby Ong revealed that the security breach originated from Squarespace’s domain registrar. After Google sold its domain business to Squarespace, the forced migration of domains removed two-factor authentication (2FA).

Ong explained, “Google sold their domain business to Squarespace a few months ago. The forced migration of domains to Squarespace removed 2FA, causing all these domains to be vulnerable. Several have been hijacked.”

DeFi project Pendle noted the significant scale of the attack. Security experts are still determining the exact mechanism behind these hijackings. The migration from Google to Squarespace has affected many domains. ICANN’s domain transfer policies prevent immediate transfers away from Squarespace for approximately 20 days.

Suggested Solutions

Security experts recommend that projects enhance their protection by enabling two-factor authentication (2FA) on Squarespace. They also advise removing excess contributor accounts and reseller access, reverting all changes to DNS records, and eliminating unnecessary admin accounts.

Furthermore, experts suggest affected projects consider switching to other providers such as Cloudflare, Amazon Web Services, MarkMonitor, and CSC DBS.
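
Reverting DNS changes, as recommended above, requires knowing exactly which records differ from a known-good state. The following Python sketch is an added example, not code from the article or from any project it names; the zone data, the `example.org` names, the addresses and the function names `parse_zone` and `dns_drift` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: a known-good zone export and the records served now.
BASELINE = """\
example.org.      3600 IN NS    ns1.dns-host.example.
example.org.      3600 IN NS    ns2.dns-host.example.
example.org.      300  IN A     192.0.2.10
app.example.org.  300  IN CNAME frontend.cdn.example.
example.org.      3600 IN TXT   "v=spf1 include:_spf.example.org -all"
"""
CURRENT = """\
EXAMPLE.ORG.      600  IN NS    ns1.dns-host.example.
example.org.      600  IN NS    ns2.dns-host.example.
example.org.      60   IN A     203.0.113.66
app.example.org.  60   IN A     203.0.113.66
example.org.      3600 IN TXT   "v=spf1 include:_spf.mailer.example ~all"
"""

# Record types that decide where visitors and delegated lookups end up.
REDIRECTING = {"A", "AAAA", "CNAME", "NS"}

def parse_zone(text):
    """Map (name, type) -> set of rdata values; TTL and class are ignored."""
    records = defaultdict(set)
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and zone-file comments
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        if rtype != "TXT":  # hostnames are case-insensitive, TXT payloads are not
            rdata = rdata.lower()
        records[(name.lower().rstrip("."), rtype)].add(rdata.strip())
    return records

def dns_drift(baseline_text, current_text):
    """List every record set that changed, redirecting types first."""
    base, cur = parse_zone(baseline_text), parse_zone(current_text)
    findings = []
    for key in sorted(set(base) | set(cur)):
        old, new = base.get(key, set()), cur.get(key, set())
        if old != new:
            findings.append({
                "name": key[0], "type": key[1],
                "severity": "high" if key[1] in REDIRECTING else "review",
                "remove": sorted(new - old),    # values to delete when reverting
                "restore": sorted(old - new)})  # values to put back
    return sorted(findings, key=lambda f: f["severity"] != "high")

if __name__ == "__main__":
    for finding in dns_drift(BASELINE, CURRENT):
        print(finding)
```

TTL changes and hostname case differences alone are not reported, so the NS records in the sample produce no finding.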

The post Major crypto projects at risk as Squarespace domain breach unfolds appeared first on CryptoSlate.
