July 12, 2024

Security Breach: Compound Finance Website Compromised in Phishing Scam

Compound Finance’s website was hijacked by hackers, redirecting users to a phishing site, but the protocol’s smart contracts and funds remain secure.

ZachXBT’s Alert and Confirmation of Breach

Compound Finance, a prominent decentralized finance (DeFi) lending platform backed by Coinbase and a16z crypto, has suffered a significant security breach. On July 11, crypto investigator ZachXBT revealed via their official Telegram channel that the Compound Finance website had been hijacked, redirecting users to a newly registered phishing site.

ZachXBT, known for their diligence in uncovering crypto scams, issued a stern warning to the crypto community: 

“Community Alert: Compound Finance website seems to potentially be hijacked. Do not visit the site for the time being. Currently redirects to a newly registered phishing site.” 

They found that the legitimate Compound Finance website was redirecting visitors to “compound-finance[dot]app,” a domain that convincingly mimicked the original site.

Official Response from Compound Finance

Following ZachXBT’s alert, a member of the Compound Finance team confirmed the breach. Michael Lewellen, a security adviser at Compound Finance DAO, advised users to avoid interacting with the site to prevent potential losses of personal data and funds. He clarified that the URL had been compromised and was hosting a phishing site. Lewellen reassured users that while the website was hijacked, the protocol and smart contract funds remained secure.

History of Security Incidents

This incident is not the first time Compound Finance has faced security challenges. In 2023, their official X (formerly Twitter) account was hacked, with attackers posting phishing links and promoting a fake crypto giveaway. The scam was swiftly identified by cybersecurity entities such as Officer’s Notes and Scam Sniffer, who confirmed the presence of phishing links. Compound Labs managed to recover the account within four hours and removed the malicious content.

The company’s X account was compromised once again on December 30, 2023, though only for four hours. The team acted swiftly, regaining control, informing users, and removing the spam messages.

Rising Trend of Phishing Attacks in Crypto

The recent breach at Compound Finance highlights a growing trend of phishing attacks within the crypto sector. According to a July 3 report by blockchain analytics firm CertiK, losses from crypto security incidents in the first half of 2024 amounted to $1.19 billion, with phishing attacks alone accounting for $498 million. CertiK’s CEO Ronghui Gu emphasized the necessity for enhanced security measures, including multifactor authentication, as the market continues to grow.

The Compound Finance website hijack serves as a stark reminder of the ongoing security challenges in the DeFi space. While the protocol’s smart contracts and funds were not compromised, users are urged to remain vigilant and adopt stronger security practices to safeguard their digital assets.

Amara Khatri