Major crypto projects at risk as Squarespace domain breach unfolds
Security experts recommend that projects enhance their protection by enabling 2FA on Squarespace.
Malicious actors are targeting several crypto projects with domain names provided by Squarespace.
On July 11, Oxngmi, the pseudonymous developer of DeFiLlama, reported that over 100 crypto projects using Squarespace, including Polymarket, Hyperliquid, dYdX, and THORChain, are at risk of being hacked.
Blockchain security firm Blockaid confirmed this, stating that an attacker gained control of the DNS registry for Compound Finance and interoperability protocol Celer Network and subsequently redirected visitors to a page that would drain funds from their wallets.
The security firm said:
“From initial assessment, it appears that the attackers are operating by hijacking DNS records of projects hosted on SquareSpace…The attackers are using a drainer kit associated with the most recent iteration of the Inferno drainer group.”
Meanwhile, the security threats are ongoing as new projects like Unstoppable Domains and DeFi project Pendle have also reported domain name hacks. Pendle said its domain was secure as of press time.
Matthew Gould, the CEO of Web3 domain provider Unstoppable Domains, warned users not to click on any links. He added that the attackers are trying to create a fake website and spread phishing emails.
He said:
“If you were on Google domains and got migrated to Squarespace you are vulnerable and should let your engineeing team know to move immediately.”
It is unclear if any of these breaches resulted in financial losses for users of these platforms.
Squarespace has yet to respond to CryptoSlate’s request for comment as of press time.
What is the cause of the attack?
CoinGecko founder Bobby Ong revealed that a security breach originated from Squarespace’s domain registrar. He explained that Google’s sale of its domain business to Squarespace led to the removal of two-factor authentication (2FA) due to forced domain migration.
Ong said:
“Google sold their domain business to Squarespace a few months ago and the forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked.”
DeFi project Pendle noted the significant scale of the attack, pointing out that security experts are still determining the exact mechanism behind these hijackings. It added that the migration from Google to Squarespace affected many domains.
Pendle said:
“ICANN’s domain transfer policies prevent us from transferring domains away from Squarespace for another ~20 days.”
Meanwhile, a security advisory from SEAL 911 — a team of white hat hackers including ZachXBT — Paradigm’s Samczsun, Consensys’ Taylor Mohanan (Tayvano), and Andrew Mohawk, suggested that Squarespace might have been compromised via a social engineering attack.
Solutions?
Security experts recommend that projects enhance their protection by enabling two-factor authentication (2FA) on Squarespace.
They also advise removing excess contributor accounts and reseller access. Additionally, they suggest reverting all changes to DNS records and removing unnecessary admins from accounts.
Experts further advise affected projects to consider switching to other providers such as Cloudflare, Amazon Web Services, MarkMonitor, and CSC DBS.