Compound Finance gets hacked to host a phishing website


Decentralised lending platform Compound Finance has been hacked. The platform’s website was replaced with a phishing site.

On-chain investigator ZachXBT was the first to flag the issue: starting July 11, the website began redirecting users to a different, newly registered domain.

Scammers attempt mass phishing

In a Telegram post, the investigator urged users to avoid interacting with the malicious “compound-finance[dot]app” link. The bogus site fully mimics the original Compound Finance website.

Fake Compound Finance website designed to dupe users. Source: Harpie on X.

The hack has been confirmed by Compound DAO security consultant Michael Lewellen on X. Lewellen, in line with ZachXBT, warned users to avoid interacting with the compound.finance URL, which was redirecting users to the aforementioned site.

The Compound Finance member also assured users that the protocol was not impacted and that the smart contract funds were safe.

MartyFly, a crypto commentator, noted that the phishing link managed to redirect users even if the original site had been bookmarked. Further, refreshing an instance of the website that was already open in a browser also redirected users to the malicious site.

At the time of publication, the URL was not redirecting users to the phishing site. There have been no reports of any funds lost.

The Compound Finance team is yet to make a public statement acknowledging the matter.

History of attacks

This is not the first time the decentralised finance protocol has been compromised. Last year, the project’s X account was targeted by hackers.

The attackers used the social media account to promote another phishing website. The site was advertised as offering free crypto tokens and urged users to click a malicious link.

The Compound Finance team later confirmed the incident, stating that hackers retained access for four hours before the X account was recovered.

Launched in 2017, Compound Finance allows users to lend and borrow crypto without a middleman, leveraging smart contracts.

The firm has secured funding from notable names such as Andreessen Horowitz’s a16z crypto, Polychain Capital, Bain Capital, Coinbase Ventures, Paradigm, and Dragonfly Capital.

Meanwhile, phishing activities remain a matter of concern for the cryptocurrency sector.

Earlier this month, the official email address of the Ethereum Foundation was hacked to send phishing emails to 35,794 addresses. The scammers attempted to dupe users in the name of a staking scheme.

Fortunately, no users were affected by the attack.

As previously reported by Invezz, over $300 million worth of cryptocurrency assets were stolen from EVM chains in the first half of 2024 via phishing scams. A 6.44% rise was noted compared to the same period in 2023.

The post Compound Finance gets hacked to host a phishing website appeared first on Invezz