According to a report from “The Defiant,” experts are urging Web3 users to avoid interacting with the front-end interfaces of decentralized finance (DeFi) protocols, as a domain migration related to Squarespace’s acquisition of Google’s domain business may leave many websites vulnerable to DNS attacks.
The domain migration has caused the two-factor authentication (2FA) previously managed by Google for websites to become ineffective, making the front-end domains of DeFi protocols Compound Finance, Pendle Finance, and cross-chain protocol Celer Network targets for attacks. These three protocols have each stated that their domains are secure on X platform.
Bobby Ong, co-founder of the cryptocurrency information platform CoinGecko, stated that 0xngmi, founder of the blockchain data platform DeFi Llama, shared a list of over 120 DeFi domains that could potentially be attacked, noting, “This is a shared list of all domains that this registrant owns, so they may be at risk of being hacked.”
The front-end user interface (UI) allows users to interact with DeFi protocols through a typical graphical user interface (GUI) hosted on a web domain. While the front ends of DeFi projects may be vulnerable to attacks, the event has not affected the underlying web3 backend protocols, which facilitate server-side operations, databases, and application logic.
Domain migration
Google sold its domain business to Squarespace in June 2023. However, it was not until July 10, just two days ago, that the relevant websites were moved from Google to Squarespace.
Domain owners seemed unaware that their two-factor authentication would be disabled during the migration process, leaving many domains susceptible to potential DNS attacks. Attackers could redirect DNS records of popular DeFi front-end websites to malicious addresses for hosting wallet attacks and phishing attacks.
Inferno Drainer is designed to deceive unsuspecting users into approving malicious transactions, transferring the victim’s funds to the hacker’s wallet. Pendle, in explaining the incident, wrote:
