2 min read
The websites of Ethereum-based DeFi protocol Compound and multi-chain interoperability protocol Celer Network have both been compromised, with their respective front-ends both currently redirecting visitors to a page that drains the funds from connected wallets.
Compound is a decentralized finance (DeFi) protocol that allows users to borrow crypto and provide loans by locking their assets. Pseudonymous on-chain sleuth ZachXBT first reported the apparent attack via his Telegram channel, alerting of a “potential” hijack.
An hour later, Web3 security tool Harpie furthered this claim, stating that the site now redirects to a page that drains wallets that connect. Compound eventually confirmed the attack itself, stating that its website had been compromised.
“Please do not visit the website or click any links until further notice,” Compound wrote.
Currently, the extent of the security breach is unknown. Compound has yet to confirm how it occurred or if anything other than its website has been affected. Michael Lewellen, security solutions architect at smart contract auditing firm OpenZeppelin, wrote that he believes that the protocol itself is not impacted—meaning that “all smart contract funds are safe."
Not long after, interoperability protocol Celer Network also suffered a “DNS domain attack” that the project claims is “hitting multiple projects at the same time.” Again, the URL now redirects to a drainer page.
Decrypt reached out to both Compound and Celer for comment, but did not immediately hear back from either project.
“The domains for Celer and Compound just got hacked,” pseudonymous DeFi Llama founder 0xngmi wrote on Twitter. “The leading suspect is that something is going on in their registrar: Squarespace.”
Squarespace is a popular website building and hosting site that many businesses use—including crypto projects like Polymarket, dYdX, and Karak Network, per a list created by 0xngmi. None of these projects have publicly commented.
Edited by Andrew Hayward
Decrypt-a-cookie
This website or its third-party tools use cookies. Cookie policy By clicking the accept button, you agree to the use of cookies.