Celer Network Attack Is Causing DeFi Chaos Along With Compound Crash

Key Points:

• Celer Network attack is causing users to malicious phishing sites, although the company assures their systems and funds are secure.
• Hackers employed ‘front-end’ attacks by compromising DNS registrars and replacing legitimate websites with fraudulent versions to steal funds.

In a coordinated attack on Thursday, the websites of Celer Network and Compound Finance were compromised, redirecting users to malicious phishing sites.

Celer Network Attack Targeted in Phishing Websites

Celer Network informed its users four hours after the attack, warning them to avoid celer.network and cbridge.celer.network while they investigated a potential DNS domain attack. Despite the Celer Network attack, it assured that their systems and funds remained secure and promised further updates as the situation evolved.

The Celer Network attack used is known as a ‘front-end’ attack, where hackers replace the project’s legitimate website with a fraudulent version. The method does not exploit vulnerabilities in smart contract code but instead targets the domain name service (DNS) registrar. Attackers often use social engineering or financial incentives to compromise the DNS registrar, redirecting users to phishing sites.

Security Flaws in Squarespace Linked to Multiple DeFi Hacks

Security researcher Samczsun and DeFiLlama’s 0xngmi have identified the common link between the affected projects as their use of Squarespace for web hosting. 0xngmi has compiled a list of other potentially at-risk domains, highlighting a broader vulnerability in the DeFi space.

Earlier today, Compound Finance‘s frontend was similarly compromised, leading users to a phishing site at compound-finance.app. Security expert Michael Lewellen noted that this site could drain users’ funds if they interact with it, though the core Compound protocol and user deposits remain unaffected.

These attacks are part of a larger trend where hackers clone original websites, swapping out key elements to execute malicious transactions. These can transfer funds to hacker-controlled addresses or harvest token approvals. Other large DeFi projects using Squarespace, such as Pendle, Karak, Hyperliquid, and dYdX, may also be at risk of similar attacks.