According to a report from The Defiant, experts are urging Web3 users to avoid interacting with the front-end interfaces of decentralized finance (DeFi) protocols, as a domain migration related to Squarespace’s acquisition of Google’s domain business may lead to DNS attacks on many websites.
Because of the domain migration, the two-factor authentication (2FA) that Google previously managed for these websites has been disabled, making the front-end domains of the DeFi protocols Compound Finance and Pendle Finance and the cross-chain protocol Celer Network targets for attacks. Each of the three protocols has stated on X that its domains are secure.
Bobby Ong, co-founder of cryptocurrency information platform CoinGecko, stated that the founder of blockchain data platform DeFi Llama, 0xngmi, shared a list of over 120 DeFi domains that may be vulnerable to attacks, noting, “This is a shared list of all domains owned by the registrant, hence they may face the risk of being hacked.”
Front-end user interfaces (UI) allow users to interact with DeFi protocols through the typical graphical user interfaces (GUI) hosted on web domains. While the front ends of DeFi projects may be susceptible to attacks, the incident does not affect the underlying Web3 backend protocols, which facilitate server-side operations, databases, and application logic.
Google sold its domain business to Squarespace in June 2023. However, it was not until July 10, just two days ago, that the relevant websites were migrated from Google to Squarespace.
Domain owners seemed unaware that their 2FA functionality would be disabled during the migration, leading many domains to face potential DNS attacks. Attackers can redirect DNS records of popular DeFi front-end websites to malicious addresses for wallet hosting attacks and phishing attacks.
Inferno Drainer is designed to deceive unsuspecting users into approving malicious transactions, transferring the victims’ funds to the hacker’s wallet. Pendle explained the incident by stating: