A suspected security breach at the Compound Finance website has prompted a stark warning from prominent crypto investigator ZachXBT.
The on-chin sleuth has advised users to avoid the site as it may redirect them to a phishing website, which poses serious security threats. ZachXBT issued this warning via Telegram post.
Compound Finance Breach Warning
According to the Telegram scam alert, the crypto community should steer clear of Compound Finance’s website for now. Doing so could protect users from falling victim to a newly registered phishing site, which could result in fund loss.
A member of the Compound Finance team confirmed the breach, echoing ZachXBT’s caution. Michael Lewellen, a security adviser at the Compound Finance DAO, further explained that the URL had been compromised and is currently hosting a phishing site.
Lewellen reassured the community that the protocol and smart contract funds were safe despite the website breach. Meanwhile, this incident is not an isolated case for Compound Finance. Last year, hackers hijacked the company’s official X account and leveraged it to promote a phishing site.
To lure their victims, the attackers posted ads offering free crypto tokens and directed users to a fake website resembling Compound’s. Some cybersecurity experts, including Scam Sniffer and Officer’s Notes, quickly identified and flagged the scam.
On December 30, 2023, Compound Labs confirmed the compromise of their X account, which was under hacker control for four hours before the firm could recover it. The team managed to remove the spam messages and restore security.
The broader crypto community has been on high alert regarding such attacks. In April, CertiK CEO and co-founder Ronghui Gu highlighted the surge in phishing attacks within the crypto sector.
He reported that phishing incidents had reached concerning levels, with significant financial losses. Moreover, CertiK’s mid-2024 report revealed that security incidents had led to $1.19 billion in losses, with nearly $498 million attributed to phishing attacks alone.
Gu stressed the importance of implementing multifactor authentication and adopting stringent security measures to combat these threats.
Meanwhile, in another report, popular rapper Doja Cat’s X account was hijacked, leading to the promotion of a fraudulent crypto token named after her. Celebrity news outlet Daily Trends hails this information.
The Daily Mail also confirmed the hack, noting that the hackers used the account to post disparaging remarks about fellow rapper Iggy Azalea.
The scam token, dubbed “Doja Cat (DOJA),” quickly amassed a market capitalization of $1.65 million following its promotion through the hacked account.
However, this figure plummeted to a mere $16,820, resulting in more than $1.63 million in investor losses.
Daily Trends shared an image of the now-deleted scam post, which featured Doja Cat dressed in armour and holding a sword. The post contained a threatening message urging followers to “buy $DOJA or else,” along with the token’s Solana contract address.
Disclaimer: The opinions expressed in this article do not constitute financial advice. We encourage readers to conduct their own research and determine their own risk tolerance before making any financial decisions. Cryptocurrency is a highly volatile, high-risk asset class.
Our Editorial Process
The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.