Compound, Celer attack may have been caused by faulty migration system — DNS experts

A July 11 domain name system (DNS) attack against multiple Web3 protocols may have been made possible by a faulty Google Domains to Squarespace migration system, according to several DNS experts. Some of these experts say tokenized web domains will significantly reduce the risk of these types of attacks occurring in the future.

On July 11, multiple Web3 protocols were targeted in a widespread DNS hijacking attack. Blockchain investigator ZachXBT discovered that the website for Compound finance was redirecting to a malicious phishing site designed to steal users’ tokens. Later in the day, Celer Network announced that its website had been targeted, although in this case the attack had been detected and blocked.

Blockchain security firm Blockaid reported that the attack seemed to be associated with “projects hosted on Squarespace,” implying that the vulnerability may have its roots in Squarespace’s domain registration system.

In a July 12 conversation with Cointelegraph, Matt Gould, founder of tokenized domain protocol Unstoppable Domains, theorized that the attack may have been caused by the migration of users from Google Domains to Squarespace, which may have allowed these users to become victims of phishing attacks. Gould stated:

“Right now, if you’re a customer for Google Domains and you need to move over to Squarespace, then you have to create a new account. So you’re a really easy, soft target for someone doing a phishing campaign. They can say, ‘Hey, you need to create your new Squarespace account. You haven’t done it yet. Your time is running out. Click this link.’”

In a post to X, Victor Zhou, founder of tokenized domain protocol Namefi, expressed a similar view. “It [was suspected] […] that the cause was likely these projects were registered by Google Domains. When @Google sold its domain business to @SquareSpace a few months ago, the migration involved forcefully terminating Multi-Factor Authentication, and the attackers were able to compromise it with merely a password.”

A…
