Squarespace 上的 DeFi 应用程序容易受到 DNS 劫持攻击，将用户重定向到恶意网站

超过 120 个 DeFi 协议可能容易受到攻击，其中包括Compound 和 Celer Network。详细了解 DeFi 安全风险以及如何保护自己。

Hackers are redirecting users of DeFi (Decentralized Finance) applications hosted on Squarespace to phishing sites in an ongoing DNS hijacking attack.

在持续的 DNS 劫持攻击中，黑客将 Squarespace 上托管的 DeFi（去中心化金融）应用程序的用户重定向到钓鱼网站。

The attack, which began on July 11, saw hackers gain control of the DNS registry for Compound Finance and attempted to take over Celer Network’s registry.

这次攻击始于 7 月 11 日，黑客获得了 Compound Finance 的 DNS 注册表的控制权，并试图接管 Celer Network 的注册表。

By compromising the DNS records, the attackers were able to intercept traffic to the legitimate DeFi platforms and redirect users to phishing sites, which attempted to harvest sensitive information and drain users’ funds.

通过破坏 DNS 记录，攻击者能够拦截合法 DeFi 平台的流量，并将用户重定向到钓鱼网站，这些网站试图获取敏感信息并耗尽用户资金。

"This incident is still ongoing – we are seeing new malicious sites impersonating additional brands being created by the same attackers," Blockaid noted in a tweet late on July 12.

Blockaid 在 7 月 12 日晚间发布的一条推文中指出：“这一事件仍在继续，我们看到同一攻击者创建了冒充其他品牌的新恶意网站。”

"We urge projects to double check their domain security settings – feel free to reach out by DM for additional security guidance."

“我们敦促项目仔细检查其域安全设置 - 请随时通过 DM 联系以获取更多安全指导。”

The attack was detected after users noticed that Compound’s interface led to a malicious website hosting a token-draining application, while Celer Network confirmed an attempted domain takeover, which was prevented by its monitoring system.

在用户注意到Compound的界面导致托管代币耗尽应用程序的恶意网站后，检测到了此次攻击，而Celer Network则确认了一次域名接管尝试，但该行为被其监控系统阻止。

Both protocols acknowledged the attack in separate statements.

两个协议都在单独的声明中承认了这次攻击。

Further investigation revealed that the attacker is specifically targeting Squarespace domain names, putting any DeFi app with a Squarespace domain at risk.

进一步调查显示，攻击者专门针对 Squarespace 域名，使任何具有 Squarespace 域名的 DeFi 应用程序都面临风险。

In response to the attack, MetaMask has implemented a warning system to flag potentially compromised DeFi apps, adding an extra layer of security to protect users from interacting with malicious websites.

为了应对此次攻击，MetaMask 实施了一个警告系统来标记可能受到损害的 DeFi 应用程序，增加了额外的安全层以保护用户免遭与恶意网站的交互。

While the precise methods used by the attackers are still being determined, it is speculated that the attack vector may have originated from Google domain accounts used by these protocols.

虽然攻击者使用的具体方法仍在确定中，但推测攻击向量可能源自这些协议使用的 Google 域帐户。

Squarespace notably acquired nearly 10 million domains hosted on Google Domains for $180 million in 2023, which could have provided the attackers with a potential entry point to access sensitive DNS information.

值得注意的是，Squarespace 在 2023 年以 1.8 亿美元收购了 Google Domains 上托管的近 1000 万个域名，这可能为攻击者提供了访问敏感 DNS 信息的潜在入口点。

The DeFi space is still in its early stages, and security remains a top concern. In December 2023, an attacker managed to inject malicious code into the Ledger Connect library, impacting the Ethereum Virtual Machine ecosystem.

DeFi 领域仍处于早期阶段，安全性仍然是首要问题。 2023 年 12 月，攻击者成功将恶意代码注入 Ledger Connect 库，影响了以太坊虚拟机生态系统。

These incidents highlight the critical need for DeFi developers to prioritize robust security measures and for users to exercise caution when interacting with DeFi apps, especially those built on less rigorous security practices.

这些事件凸显了 DeFi 开发人员迫切需要优先考虑稳健的安全措施，并要求用户在与 DeFi 应用程序交互时保持谨慎，尤其是那些基于不太严格的安全实践构建的应用程序。