Cryptopeutic – Latest Crypto & Blockchain News
Image default
Bitcoin Crypto websites

Crypto websites registered to Squarespace are being hijacked and redirected by scammers



(Image credit: Getty Images)

Multiple cryptocurrency projects registered with the Squarespace web hosting provider, were recently targeted with a coordinated DNS hijacking attack. The goal of the attack was to steal their users’ money.

DNS hijacking, also known as DNS redirection, is a type of cyberattack where attackers manipulate the Domain Name System (DNS) to redirect internet traffic to fraudulent websites. This can be done by modifying the DNS settings on a victim’s device, DNS server, or through other means. 

So, when the users tried to visit the websites of any of these projects, they were instead redirected to a fake site, which asked them to reconnect their wallets. Users who didn’t find the request suspicious and did as asked, risked having their funds (both cryptocurrencies and NFTs) drained from their wallets, permanently.

Google Domains migration and MFA woes

Some of the projects who were targeted in this wave were Compound Finance, Celer Network, Pendle, and Unstoppable Domains. These confirmed, via social media, that they were attacked, and urged their customers to be careful and use secure alternatives. Users were also advised to revoke approvals for smart contracts, change passwords, and pull their funds to a new account.

At press time, it wasn’t entirely clear how the attackers managed to compromise these accounts. One of the affected projects, Pendle, believes it might have something to do with the recent migration from Google Domains. 

“For context – Squarespace purchased all domain registrations and related customer accounts from Google Domains in June 2023, which forced the migration of domains,” Pendle explained in an X post. 

“Recently, attackers exploited a vulnerability in Squarespace, hijacking domains hosted on their platform. Security experts are still working out the exact mechanism for the hijacking attacks, but many domains (including Pendle’s) that were migrated from Google to Squarespace have been affected.”

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

A BleepingComputer report suggests that this “vulnerability” was actually multi-factor authentication (MFA) being disabled as part of the migration. The publication states that there is a Squarespace support topic about Google Domains migration disabling MFA, which urged domain owners to re-enable it.

More from TechRadar Pro

  • A new macOS backdoor could let hackers hijack your device without you knowing
  • Here’s a list of the best firewalls today
  • These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read More

Related posts

Custodian Arrangement Is the Core Requirement for Obtaining MPI License, Says OKX Singapore CEO

DailyCrypto.news

Crypto Casino of the Year BC GAME Launches Its All-New Redesigned Website With Better Features

DailyCrypto.news

Microsoft Exchange ProxyShell is being exploited to mine crypto once again

DailyCrypto.news

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

Please enter CoinGecko Free Api Key to get this plugin works.