The Compound Finance website was hijacked by hackers, redirecting users to a phishing site, but the protocol’s smart contracts and funds remain secure.
Notification and Breach Confirmation from ZachXBT
Compound Finance, a prominent decentralized finance (DeFi) lending platform supported by Coinbase and crypto firm a16z, has experienced a significant security breach. On July 11, crypto researcher ZachXBT revealed via their official Telegram channel that the Compound Finance website had been compromised, redirecting users to a newly registered phishing site.
ZachXBT, known for their diligence in uncovering crypto scams, issued a stern warning to the crypto community:
“Community Alert: The Compound Finance website appears to have been hacked. Do not visit the site at this time. It is currently redirecting to a newly registered phishing site.”
They identified that the legitimate Compound Finance website was redirecting visitors to “compound-finance[dot],” a domain that convincingly mimicked the original site.
Official Response From Compound Finance
Following ZachXBT’s alert, a member of the Compound Finance team confirmed the breach. Michael Lewellen, a security advisor at Compound Finance DAO, advised users to avoid interacting with the site to prevent potential loss of personal data and funds. He clarified that the URL had been compromised and was hosting a phishing site. Lewellen reassured users that while the site had been breached, the protocol’s funds and smart contracts remained secure.
Historical Security Incidents
This incident is not the first time Compound Finance has faced security challenges. In 2023, their official X (formerly Twitter) account was hacked, with intruders posting phishing links and promoting a fake cryptocurrency giveaway. The scam was quickly detected by cybersecurity entities such as Officer’s Notes and Scam Sniffer, who confirmed the presence of phishing links. Compound Labs managed to recover the account within four hours and removed the malicious content.
The company’s X account was compromised again on December 30, 2023, but only for four hours. The team acted swiftly to regain control, inform users, and remove the unwanted messages.
Rising Trend of Phishing Attacks in Crypto
The recent breach at Compound Finance highlights a growing trend of phishing attacks in the cryptocurrency sector. According to a July 3 report from blockchain analytics firm CertiK, losses from cryptocurrency security incidents in the first half of 2024 amounted to $1.19 billion, with phishing attacks accounting for $498 million. CertiK’s CEO, Ronghui Gu, emphasized the need for enhanced security measures, including multi-factor authentication, as the market continues to evolve.
The hijacking of the Compound Finance website serves as a stark reminder of the ongoing security challenges in the DeFi space. While smart contracts and protocol funds were not compromised, users are urged to stay vigilant and adopt stronger security practices to protect their digital assets.