spot_img
7.4 C
London
Sunday, December 8, 2024
HomeDeFiCrypto execs on DeFi domain hacks: Don’t interact with crypto for now

Crypto execs on DeFi domain hacks: Don’t interact with crypto for now

Date:

Related News

Crypto Market Cap Unlikely to Hit $10 Trillion This Cycle, Says Analyst

Prominent crypto analyst Chris Burniske, former head of crypto...

Bitcoin Price Prediction: BTC Dominance Drops, Altcoin Season Begins

The post Bitcoin Price Prediction: BTC Dominance Drops, Altcoin...

PEPE Price Predication for December 2024

The post PEPE Price Predication for December 2024 appeared...

Dogwifhat (WIF) Set to Explode, Experts Eyes in $5

The post Dogwifhat (WIF) Set to Explode, Experts Eyes...

CoinGecko founder Bobby Ong explained that after Google sold its domain business to Squarespace, two-factor authentication was removed due to the forced migration of domains.

As the vulnerability on Squarespace domains threatens the decentralized finance (DeFi) space with phishing attacks, Web3 professionals shared their advice on what users and those affected can do to avoid the attacks. 

On July 11, security investigator ZachXBT shared a Telegram post warning the community to stay away from the Compound Finance website, which redirected to a phishing site. The DeFi protocol was the first to be hijacked because of the vulnerability.

Following this, the Celer Network announced that it had also been attacked but successfully thwarted the attempt.

Meanwhile, DefiLlama developer “0xngmi” shared a list of domains vulnerable to the same attack vector. The list had over 100 protocols, including Polymarket, dYdX and Pendle Finance.

Don’t interact with crypto for the next few days

CoinGecko founder Bobby Ong said the attack stemmed from Squarespace’s domain registrar. The executive explained that after Google sold its domain business to Squarespace, two-factor authentication (2FA) was removed due to the forced migration of domains.

This made the domains vulnerable. According to Ong, the community should wait until the issue is fixed before interacting with crypto again. “Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved,” Ong added.

Consider transferring to other domain providers

Security researcher Samzsun said those affected by the recent domain hijacking on Squarespace might need to consider transferring to other providers. The white hat hacker recommended Cloudflare, Amazon Web Services Route 53, MarkMonitor and CSC DBS.

Meanwhile, Matthew Gould, the founder and CEO of Web3 domain provider Unstoppable Domains (UD), took the opportunity to explain how this type of attack may be avoided with Web3 domains. Gould explained:

“By creating verified onchain records for domains we can offer an extra layer of protection browsers and others can check to help fight these types of attacks.”

The executive added that users could even configure their DNS records to not update unless they provide a verified onchain signature.

The executive also floated the idea of disallowing records updates without signatures from wallets. This would require hackers to attack the registrar and the user separately.

“So if your UD account was compromised, or UD itself as a registrar was compromised, but not your wallet, the malicious user could not alter your domain in DNS,” Gould added.

Source:- COINTELEGRAPH

Ariana Raven
Ariana Raven
🌟 Ariana Raven - Passionate Crypto & Blockchain Marketing Specialist with 3 years of experience in driving impactful marketing campaigns across the digital landscape! 🚀
spot_img

Trending News

LEAVE A REPLY

Please enter your comment!
Please enter your name here