Following an attack on DNS records hosted by Squarespace, the interfaces of approximately 228 DeFi projects remain at risk. This was reported by Decrypt, citing Ido Ben-Natan, CEO of Blockaid.
On July 11, the incident affected Compound Finance and Celer Network, whose websites began redirecting users to phishing pages. The expert noted that intercepting DNS requests from the protocols allowed attackers to employ IP addresses associated with the Inferno Drainer.
Ben-Natan believes that the shared on-chain and off-chain infrastructure, including smart contracts and wallets, indicates the use of a known malicious solution.
Inferno Drainer tools enable cybercriminals to steal user funds by automatically emptying victims' accounts after the victims sign malicious transactions.
The group has been attempting to exploit vulnerabilities in DeFi protocols for some time, emphasized the Blockaid co-founder. However, the use of a unified infrastructure helps track and identify their attacks, he added.
Commenting on the Squarespace incident, Unstoppable Domains founder Matthew Gould noted that blockchain verification of DNS records can provide additional protection. Updates can be configured to occur only through on-chain confirmation, for example, using a wallet signature, he explained.
Registrars are custodians of your domains. If they are compromised, like SquareSpace today, your website traffic can be routed without your permission to somewhere else.
By creating verified onchain records for domains we can offer an extra layer of protection browsers and… https://t.co/Zgya33A4HC
— matt.crypto | matt.pudgy (@matthewegould) July 11, 2024
In 2023, the crypto industry lost $1.8 billion due to hacking and fraud. Although the total amount decreased by more than half over the year, the number of incidents rose by 90%, according to Immunefi.
