According to Bobby Ong, two-factor authentication was eliminated due to the forced migration of domains after Google sold its domain business to Squarespace.
Web3 specialists have provided recommendations for users and those affected by the phishing attacks threatening the decentralized finance (DeFi) space due to the vulnerability of Squarespace domains.
On July 11, security investigator ZachXBT shared a Telegram post cautioning the community to avoid the Compound Finance website, which was redirected to a fraudulent site. The vulnerability was the reason for the initial hijacking of the DeFi protocol.
Subsequently, the Celer Network disclosed that it had also been targeted but effectively thwarted the attack.
Meanwhile, DefiLlama developer 0xngmi disclosed a list of domains susceptible to the same attack vector. The list contained over 100 protocols, such as Pendle Finance, dYdX, and Polymarket.
Bobby Ong, the creator of CoinGecko, stated that the attack resulted from Squarespace’s domain registrar. The executive clarified that the compelled migration of domains necessitated the removal of two-factor authentication (2FA) following the sale of Google’s domain business to Squarespace.
This rendered the domains susceptible. According to Ong, the community should refrain from engaging with crypto until the issue is resolved. “It is advisable to refrain from engaging with cryptocurrency and to take it easy for the next few days until the situation is resolved,” Ong continued.
According to security researcher Samzsun, individuals whose recent domain usurpation has impacted Squarespace may wish to contemplate transitioning to alternative providers. The white-hat hacker suggested the following: Amazon Web Services Route 53, Cloudflare, MarkMonitor, and CSC DBS.
Concurrently, Matthew Gould, the CEO and founder of Unstoppable Domains (UD), a provider of Web3 domains, capitalized on the opportunity to describe how this type of attack can be prevented using Web3 domains.
The executive also mentioned that users could configure their DNS records to prevent updates unless they submit a verified on-chain signature.
The executive also proposed that purses be allowed to update records with signatures. This would necessitate that hackers conduct distinct attacks on the registrar and the user.
“So if your UD account was compromised, or UD itself as a registrar was compromised, but not your wallet, the malicious user could not alter your domain in DNS,” according to Gould.
In October, Charles Hoskinson, the founder of Cardano, is scheduled to meet with President Javier Milei of Argentina to deliberate…
Commerzbank has partnered with the Deutsche Börse subsidiary Crypto Finance to introduce a new service that provides corporate clients with…
On Thursday, Bitget disclosed that it had signed an agreement with the Spanish football league La Liga to become its…
After the Federal Reserve of the United States decided to reduce interest rates for borrowing money, the first reduction in…
Without changing its rules, Google's AI models may have been taught on LinkedIn users' data In the U.S., but not…
Following significant news from the South Korean crypto exchange Upbit, the Solana-based meme currency, cat in a Dogs World, saw…