Compound Finance confirms website hack redirecting users to phishing site
DeFi platform Compound Finance has suffered a big safety breach that has affected its official website. The protocol’s area has been hijacked and is at present internet hosting a phishing site, posing a extreme person threat.
Per Compound Labs’ official X account, the corporate issued an pressing warning at 10:15 A.M. on July 11, stating,
“The Compound Labs website (compound[.]finance) has been compromised. Please do not visit the website or click any links until further notice”.
Michael Lewellen, Compound’s Safety Advisor, confirmed the breach on X, emphasizing that users shouldn’t work together with the Compound Finance website. Lewellen clarified that whereas the website has been compromised, the Compound protocol stays unaffected, and all good contract funds are safe.
The incident seems to be a classy phishing assault. The respectable Compound Finance website has been changed with a fraudulent site designed to steal person data and doubtlessly their digital property. Such a assault, often known as area hijacking, includes taking management of a website title with out the proprietor’s consent, normally through a breach of DNS credentials.
Blockchain investigator ZachXBT has warned the crypto group through Telegram to keep away from utilizing the Compound Finance website due to it redirecting to a rip-off site compound-finance[.]app.
This incident follows a earlier safety breach last year, the place Compound Finance’s X account was hacked and used to promote a phishing site. That assault resulted in a reported lack of roughly $4.4 million LINK tokens.
The crypto group is suggested to train excessive warning and keep away from interacting with the Compound Finance website till official affirmation is offered that the problem has been resolved. Users ought to stay vigilant towards potential phishing makes an attempt and solely depend on official communications from Compound Labs concerning updates on the state of affairs.
Moreover, web3 safety instruments and browser extensions might help advise users of malicious hyperlinks. Some examples embody Malwarebytes Browser Guard, AegisWeb3, Pocket Universe, Pockets Guard, and MetaMask transaction perception Snaps.
[Author’s Note: I use Pocket Universe, which has saved me several times, but we cannot endorse any product or tool.]