Compound Security Breach Has Now Been Fixed

Key Points:

• Compound security breach has now been fixed after a phishing attack caused risks to user data and assets.
• Compound Labs restored security to the compound.finance site and advised users to verify URLs to avoid fraudulent sites.
• The incident highlights ongoing security challenges in DeFi, possibly due to registrar vulnerabilities.

Compound Labs has successfully restored the compound.finance website’s security following a phishing incident that compromised its frontend.

Read more: Hundred Finance Warns Compound V2 Users After Hack

Compound Security Breach: Phishing Attack Targets User

Users are urged to ensure they are visiting the correct website by checking the URLs: “compound.finance,” “app.compound.finance,” or “compoundlabs.xyz.” Any deviation from these URLs may lead to a fraudulent site.

The incident, confirmed by Michael Lewellen, the Compound’s Security Advisor, involved a sophisticated phishing attack where the legitimate site was replaced with a malicious counterpart. Despite the Compound security breach, its smart contract funds remain secure.

Security experts like ZachXBT and members of the Compound Finance team have cautioned users against interacting with the compromised site to avoid potential data and asset losses.

DeFi Security Concerns Amplified by Domain Hijacking Incidents

Compound Finance, a prominent decentralized finance (DeFi) platform allowing token deposits, lending, and borrowing on the Ethereum blockchain, manages nearly $3 billion in assets. This incident underscores ongoing security challenges within the DeFi sector.

Meanwhile, similar attacks have affected other blockchain projects, including Celer Network with broader concerns about web infrastructure vulnerabilities. Celery Urges users not to visit Celer.network and cbridge.Celer.network while they are investigating a potential DNS domain attack. Experts suspect the Compound security breach and other attacks may be linked to vulnerabilities at Squarespace, the registrar handling these projects’ domains.