Celer Network warns of potential DNS hijacking attack targeting multiple crypto websites
Celer Network has issued a warning regarding a possible DNS domain hijacking attack that could impact several projects. The interoperability project recommended that users refrain from accessing its front-end websites, Celer.network and cbridge.celer.network.
This cautionary measure comes after a contributor to Compound Finance noted signs of hijacking on its own website (compound.finance), leading to a temporary advisory against visiting it. Data from who.is shows that these websites are registered via domain registrar Squarespace.
“Multiple crypto projects have had their domains mysteriously hijacked from their Squarespace account,” security analyst samczsun noted . He suggested projects transferr affected domains to other hosting platforms such as Cloudflare and AWS.
Squarespace is the domain registrar in this case. It’s a popular website builder and hosting platform that allows users to create and maintain websites. Websites can be prone to being taken over by nefarious actors via centralized systems that help manage domain names for websites.
DeFiLlama co-founder 0xngmi noted that several notable domains are at risk, including those belonging to Pendle, Karak, Hyperliquid, Thorchain and others.
The domain name system is a widely used protocol that websites rely on. However, attackers can exploit issues in DNS to attempt nefarious activities, such as redirecting the official website to a malicious one.
This was not the first DNS-based attack for Celer, as it faced a similar incident in 2022. Other projects such as Curve and Balancer have also been impacted over the last few years.
During DNS attacks, hackers try to lure users into engaging with compromised smart contracts, which can result in the loss of crypto assets. So far, in today’s incidents, no loss of funds has been reported.
