Several cryptocurrency projects registered on web hosting provider Squarespace were recently targeted by a coordinated DNS hijacking attack. The goal of the attack was to steal their users' money.
DNS hijacking, also known as DNS redirection, is a type of cyberattack in which attackers manipulate the Domain Name System (DNS) to redirect internet traffic to fraudulent websites. This can be done by modifying the DNS settings on the victim's device or on the DNS server, or by other means.
As a result, users who tried to visit the websites of any of these projects were redirected to a fake site that asked them to reconnect their wallets. Users who did not find the request suspicious and did as asked risked having their funds (both crypto and NFTs) permanently drained from their wallets.
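For domain owners, redirection of this kind is visible as a change in the records their domain publishes. The following Python example is added here for illustration and is not code from the article or from any affected project; it compares observed DNS answers with a pinned baseline and grades the drift. The domain names, the baseline layout and the function name `dns_drift` are assumptions, and the observations are constructed inline rather than queried live.

```python
import ipaddress

# Constructed baseline for a hypothetical domain: the name servers the owner
# delegated to and the networks its web front end is expected to resolve into.
BASELINE = {
    "NS": ["ns1.dns-host.example.", "ns2.dns-host.example."],
    "A_NETWORKS": ["192.0.2.0/24"],
}

def _norm(host):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return host.strip().lower().rstrip(".")

def dns_drift(baseline, observed):
    """Return (severity, record_type, detail) findings for one observation."""
    findings = []
    want_ns = {_norm(h) for h in baseline["NS"]}
    seen_ns = {_norm(h) for h in observed.get("NS", [])}
    added, missing = seen_ns - want_ns, want_ns - seen_ns
    if added:
        # A new delegation means another party now answers for every record.
        findings.append(("critical", "NS", "unexpected: " + ", ".join(sorted(added))))
    elif missing:
        findings.append(("warning", "NS", "missing: " + ", ".join(sorted(missing))))
    nets = [ipaddress.ip_network(n) for n in baseline["A_NETWORKS"]]
    for addr in observed.get("A", []):
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            findings.append(("critical", "A", f"{addr} outside pinned networks"))
    if not observed.get("A"):
        findings.append(("warning", "A", "no address returned"))
    return findings

# Constructed observations: one healthy, one after the records were repointed.
HEALTHY = {"NS": ["NS1.dns-host.example", "ns2.dns-host.example."],
           "A": ["192.0.2.10"]}
REPOINTED = {"NS": ["ns1.other-host.example.", "ns2.other-host.example."],
             "A": ["198.51.100.7"]}

if __name__ == "__main__":
    for label, obs in (("healthy", HEALTHY), ("repointed", REPOINTED)):
        print(label, dns_drift(BASELINE, obs) or "no drift")
```

In practice the observed records would be collected from several independent resolvers on a schedule, so that a change made at the registrar or DNS host raises an alert before users report it.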
Issues with Google Domains and MFA migration
Some of the projects targeted by this wave were Compound Finance, Celer Network, Pendle, and Unstoppable Domains. They confirmed via social media that they were attacked and urged their customers to be careful and use safe alternatives. Users were also advised to revoke smart contract approvals, change passwords, and transfer their funds to a new account.
At press time, it was not entirely clear how the attackers managed to compromise these accounts. One of the affected projects, Pendle, believes it might have something to do with the recent migration from Google Domains.
“For context, Squarespace purchased all domain registrations and related customer accounts from Google Domains in June 2023, forcing the migration of domains,” Pendle explained in an X post.
“Recently, attackers exploited a vulnerability in Squarespace and hijacked domains hosted on its platform. Security experts are still deciphering the exact mechanism of the hijacking attacks, but many domains (including Pendle's) that were migrated from Google to Squarespace were affected.”
The report suggests that this “vulnerability” was actually multi-factor authentication (MFA) that was disabled as part of the migration. The post claims that there is a Squarespace support topic about the Google Domains migration disabling MFA, which urged domain owners to re-enable it.