The July 11 Compound and Celer attacks may have been rooted in a Squarespace migration, and blockchain may help prevent future attacks.
A July 11 domain name system (DNS) attack against multiple Web3 protocols may have been allowed by a faulty Google Domains to Squarespace migration system, according to several DNS experts. According to some of the experts, tokenized web domains will significantly reduce the risk of these types of attacks occurring in the future.
On July 11, multiple Web3 protocols were targeted in a widespread DNS hijacking attack. Blockchain investigator ZachXBT discovered that the website for Compound finance was redirecting to a malicious phishing site designed to steal users’ tokens. Later in the day, Celer Network announced that its website had been targeted, although in this case the attack had been detected and blocked.
Blockchain security firm Blockaid reported that the attack seemed to be associated with “projects hosted on Squarespace,” implying that the vulnerability may have its roots in Squarespace’s domain registration system.