Compound Finance gets hacked to host a phishing website

July 11, 2024 01:41 AM PDT | By Invezz

Compound Finance gets hacked to host a phishing website — Image source: Invezz

Scammers attempt mass phishing

Warning users in a Telegram post, the investigator has urged users to avoid interacting with the malicious “compound-finance[dot]app” link. The bogus site fully mimics the original Compound Finance website.

Fake Compound Finance website designed to dupe users. Source: Harpie on X.

The hack has been confirmed by Compound DAO security consultant Michael Lewellen on X. Lwellen, in line with ZachXBT, warned users to avoid interacting with the compound.finance URL, which was redirecting users to the aforementioned site.

The Compoound Finance member also assured that the protocol was not impacted and that the smart contract funds were safe.

MartyFly, a crypto commentator, noted that the phishing link managed to redirect users even if the original site had been bookmarked. Further, refreshing a previous instance of the website opened on a browser also redirected users to the malicious site.

At the time of publication, the URL was not redirecting users to the phishing site. There have been no reports of any funds lost.

The Compound Finance team is yet to make a public statement acknowledging the matter.

History of attacks

This is not the first time the decentralised finance protocol has been compromised. Last year, the project’s X account was targeted by hackers.

The attackers used the social media account to promote another phishing website. The site was advertised as offering free crypto tokens and urged users to click a malicious link.

The incident was later confirmed by the Compound Finance team, stating that hackers retained access for four hours before the X account was recovered.

Launched in 2017, Compound Finance allows users to lend and borrow crypto with a middleman, leveraging smart contracts.

The firm has secured funding from notable names such as Andreessen Horowitz’s a16z crypto, Polychain Capital, Bain Capital, Coinbase Ventures, Paradigm, and Dragonfly Capital.

Meanwhile, phishing activities remain a matter of concern for the cryptocurrency sector.

Earlier this month, the official email address of the Ethereum Foundation was hacked to send phishing emails to 35,794 addresses. The scammers attempted to dupe users in the name of a staking scheme.

Fortunately, no users were affected by the attack.

As previously reported by Invezz, over $300 million worth of cryptocurrency assets were stolen from EVM chains in the first half of 2024 via phishing scams. A 6.44% rise was noted compared to the same period in 2023.

The post Compound Finance gets hacked to host a phishing website appeared first on Invezz

Disclaimer

The content, including but not limited to any articles, news, quotes, information, data, text, reports, ratings, opinions, images, photos, graphics, graphs, charts, animations, and video (Content) is a service of Kalkine Media LLC., having Delaware File No. 4697309 (“Kalkine Media, we or us”) and is available for personal and non-commercial use only. The principal purpose of the Content is to educate and inform. The Content does not contain or imply any recommendation or opinion intended to influence your financial decisions and must not be relied upon by you as such. Some of the Content on this website may be sponsored/non-sponsored, as applicable, but is NOT a solicitation or recommendation to buy, sell or hold the stocks of the company(s) or engage in any investment activity under discussion. Kalkine Media is neither licensed nor qualified to provide investment advice through this platform. Users should make their own enquiries about any investments and Kalkine Media strongly suggests the users to seek advice from a financial adviser, stockbroker or other professional (including taxation and legal advice), as necessary. Kalkine Media hereby disclaims any and all the liabilities to any user for any direct, indirect, implied, punitive, special, incidental or other consequential damages arising from any use of the Content on this website, which is provided without warranties. The views expressed in the Content by the guests, if any, are their own and do not necessarily represent the views or opinions of Kalkine Media.
The content published on Kalkine Media also includes feeds sourced from third-party providers. Kalkine does not assert any ownership rights over the content provided by these third-party sources. The inclusion of such feeds on the Website is for informational purposes only. Kalkine does not guarantee the accuracy, completeness, or reliability of the content obtained from third-party feeds. Furthermore, Kalkine Media shall not be held liable for any errors, omissions, or inaccuracies in the content obtained from third-party feeds, nor for any damages or losses arising from the use of such content. Some of the images/music that may be used on this website are copyrighted to their respective owner(s). Kalkine Media does not claim ownership of any of the pictures/music displayed/used on this website unless stated otherwise. The images/music that may be used on this website are taken from various sources on the internet, including paid subscriptions or are believed to be in public domain. We have used reasonable efforts to accredit the source (public domain/CC0 status) to where it was found and indicated it, as necessary.
This disclaimer is subject to change without notice. Users are advised to review this disclaimer periodically for any updates or modifications.