Squarespace 上的 DeFi 應用程式容易受到 DNS 劫持攻擊，將使用者重新導向到惡意網站

超過 120 個 DeFi 協定可能容易受到攻擊，其中包括Compound 和 Celer Network。詳細了解 DeFi 安全風險以及如何保護自己。

Hackers are redirecting users of DeFi (Decentralized Finance) applications hosted on Squarespace to phishing sites in an ongoing DNS hijacking attack.

在持續的 DNS 劫持攻擊中，駭客將 Squarespace 上託管的 DeFi（去中心化金融）應用程式的使用者重新導向到釣魚網站。

The attack, which began on July 11, saw hackers gain control of the DNS registry for Compound Finance and attempted to take over Celer Network’s registry.

這次攻擊始於 7 月 11 日，駭客獲得了 Compound Finance 的 DNS 註冊表的控制權，並試圖接管 Celer Network 的註冊表。

By compromising the DNS records, the attackers were able to intercept traffic to the legitimate DeFi platforms and redirect users to phishing sites, which attempted to harvest sensitive information and drain users’ funds.

透過破壞 DNS 記錄，攻擊者能夠攔截合法 DeFi 平台的流量，並將用戶重定向到釣魚網站，這些網站試圖獲取敏感資訊並耗盡用戶資金。

"This incident is still ongoing – we are seeing new malicious sites impersonating additional brands being created by the same attackers," Blockaid noted in a tweet late on July 12.

Blockaid 在 7 月 12 日晚間發布的一條推文中指出：“這一事件仍在繼續，我們看到同一攻擊者創建了一個冒充其他品牌的新惡意網站。”

"We urge projects to double check their domain security settings – feel free to reach out by DM for additional security guidance."

“我們敦促專案仔細檢查其網域安全設定 - 請隨時透過 DM 聯繫以獲取更多安全指導。”

The attack was detected after users noticed that Compound’s interface led to a malicious website hosting a token-draining application, while Celer Network confirmed an attempted domain takeover, which was prevented by its monitoring system.

在用戶注意到Compound的介面導致託管代幣耗盡應用程式的惡意網站後，偵測到了攻擊，而Celer Network則確認了一次網域接管嘗試，但該行為被其監控系統阻止。

Both protocols acknowledged the attack in separate statements.

兩個協議都在單獨的聲明中承認了這次攻擊。

Further investigation revealed that the attacker is specifically targeting Squarespace domain names, putting any DeFi app with a Squarespace domain at risk.

進一步調查顯示，攻擊者專門針對 Squarespace 域名，使任何具有 Squarespace 域名的 DeFi 應用程式都面臨風險。

In response to the attack, MetaMask has implemented a warning system to flag potentially compromised DeFi apps, adding an extra layer of security to protect users from interacting with malicious websites.

為了應對此次攻擊，MetaMask 實施了一個警告系統來標記可能受到損害的 DeFi 應用程序，增加了額外的安全層以保護用戶免遭與惡意網站的交互。

While the precise methods used by the attackers are still being determined, it is speculated that the attack vector may have originated from Google domain accounts used by these protocols.

雖然攻擊者使用的具體方法仍在確定中，但推測攻擊向量可能源自於這些協定使用的 Google 網域帳戶。

Squarespace notably acquired nearly 10 million domains hosted on Google Domains for $180 million in 2023, which could have provided the attackers with a potential entry point to access sensitive DNS information.

值得注意的是，Squarespace 在 2023 年以 1.8 億美元收購了 Google Domains 上託管的近 1,000 萬個域名，這可能為攻擊者提供了存取敏感 DNS 資訊的潛在入口點。

The DeFi space is still in its early stages, and security remains a top concern. In December 2023, an attacker managed to inject malicious code into the Ledger Connect library, impacting the Ethereum Virtual Machine ecosystem.

DeFi 領域仍處於早期階段，安全性仍是首要問題。 2023 年 12 月，攻擊者成功將惡意程式碼注入 Ledger Connect 函式庫，影響了以太坊虛擬機器生態系統。

These incidents highlight the critical need for DeFi developers to prioritize robust security measures and for users to exercise caution when interacting with DeFi apps, especially those built on less rigorous security practices.

這些事件凸顯了 DeFi 開發人員迫切需要優先考慮穩健的安全措施，並要求用戶在與 DeFi 應用程式互動時保持謹慎，尤其是那些基於不太嚴格的安全實踐構建的應用程式。