Compound and Celer Network, two prominent players in the decentralized finance (DeFi) and blockchain interoperability sectors, have recently suffered significant security breaches. The websites of both protocols were compromised, redirecting visitors to malicious pages designed to drain funds from connected wallets.
The issue first came to light through a warning by pseudonymous on-chain sleuth ZachXBT via his Telegram channel, signaling a “potential” hijack of Compound’s website. Shortly thereafter, the Web3 security tool Harpie confirmed that the site was indeed redirecting users to a wallet-draining page. Compound later acknowledged the attack, advising users to avoid visiting the site or clicking any links until further notice.
The full scope of the breach remains uncertain, as Compound has not disclosed how it occurred or whether it affected components beyond its website.
However, Michael Lewellen, a security solutions architect at smart contract auditing firm OpenZeppelin, reassured the community that the underlying protocol and smart contract funds are believed to be secure.
Simultaneously, Celer Network reported a similar incident, described as a “DNS domain attack,” suggesting a broader campaign targeting multiple crypto projects. The attack redirected Celer's website to another fund-draining page.
The attacks have prompted concerns regarding the security practices of domain registrars, with Squarespace—a popular website building and hosting platform used by several crypto projects—identified as a common factor. This connection was highlighted by 0xngmi, the founder of DeFi Llama, on Twitter, sparking discussions about the potential vulnerabilities within domain registration services used by crypto projects.
This string of incidents underscores the persistent security challenges facing the DeFi sector, emphasizing the need for enhanced protective measures and vigilant monitoring of cybersecurity threats.