Several decentralized finance platforms, including Compound Finance, Celer Network, and Pendle, had domains registered with Squarespace impacted by DNS hijacking attacks on Thursday, BleepingComputer reports. Both Celer and Pendle reported the recovery of their domains, with the latter emphasizing that no cryptocurrency assets had been compromised as a result of the intrusion. "...[A]ttackers exploited a vulnerability in Squarespace, hijacking domains hosted on their platform. Security experts are still working out the exact mechanism for the hijacking attacks, but many domains (including Pendle's) that were migrated from Google to Squarespace have been affected," said Pendle in a post on X, formerly Twitter. Additional details regarding the domain takeover process remain unclear but the compromise has been associated by cryptocurrency security researchers Andrew Mohawk, Taylor Monahan, and Samczsun with the multi-factor authentication deactivation during domain migration. Automated domain-linked account creation and reseller access may have also been exploited by threat actors to facilitate domain hijacking, researchers said.
Network Security, Incident Response
Squarespace-registered DeFi platforms subjected to DNS hijacking

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds