{"id":94714,"date":"2024-09-25T09:57:20","date_gmt":"2024-09-25T13:57:20","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=94714"},"modified":"2024-09-25T09:59:06","modified_gmt":"2024-09-25T13:59:06","slug":"ether-fi-prevents-domain-account-takeover","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/ether-fi-prevents-domain-account-takeover\/","title":{"rendered":"ETher.fi Prevents Domain Account Takeover, Secures User Funds"},"content":{"rendered":"\n

Ether.fi asserts security updates and partners for preventing a domain account takeover<\/a> before user funds were taken.<\/p>\n\n\n\n

\"ETher.fi<\/figure>\n\n\n\n

Ether.fi, a decentralized finance (DeFi) staking platform, reported that no user funds were compromised following a recent domain takeover attempt.<\/p>\n\n\n\n

On Sept. 24, the protocol experienced an attempted domain account hijacking through their registrar, Gandi.net. Fortunately, the attack was stopped before any significant damage could be done.<\/p>\n\n\n\n

The Ether.fi team confirmed that attackers were unable to deploy a malicious decentralized application (DApp) on any of their domains.<\/p>\n\n\n\n

\n

On September 24, https:\/\/t.co\/gbHcksxzp2\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> experienced a security incident involving our domain registrar, https:\/\/t.co\/hW50MConP9<\/use><\/svg><\/span><\/a>

We\u2019re glad to report that all funds are safe, and the attackers at no point presented a compromised dapp on any https:\/\/t.co\/gbHcksxzp2\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> related\u2026<\/p>— ether.fi (@ether_fi) September 25, 2024<\/use><\/svg><\/span><\/a><\/blockquote>

Ether.fi's Response to the Attack<\/h2>\n\n\n\n

The breach began on Sept. 24 when Ether.fi received a recovery notification email from Gandi.net at 4:38 pm UTC. <\/p>\n\n\n\n

Upon further verification using security measures like “SPF, DKIM, and DMARC authentication records,”<\/em> the team realized the email was part of the attack.<\/p>\n\n\n\n

According to an official post <\/use><\/svg><\/span><\/a>on Ether.fi\u2019s Gitbook, “it was established an attacker attempted to use the legitimate Gandi recovery flow to gain access to etherfi\u2019s Gandi account.”<\/em> Ether.fi quickly contacted Gandi through various channels, and by 7:30 pm UTC, the account was secured to prevent further tampering.<\/p>\n\n\n\n

Security Enhancements<\/h2>\n\n\n\n

Prior security upgrades helped mitigate the domain takeover threat. Weeks before the attack, Ether.fi had observed a rise in similar exploitation attempts across other platforms.<\/p>\n\n\n\n

As a result, the protocol upgraded its key systems to require hardware authentication for account recovery and management. <\/p>\n\n\n\n

The Ether.fi team credited security partners like Seal911, Doppel, Ethena<\/a>, and Distrust for their swift assistance during the attack.<\/p>\n\n\n\n

User Communication and Fund Safety<\/h2>\n\n\n\n

At 7:13 pm UTC on Sept. 24, Ether.fi advised its users via social media platform X not to “click on any links”<\/em> or engage with their domain. They clarified that official updates would only come through X or Discord and not via email.<\/p>\n\n\n\n

After resolving the issue, Ether.fi reassured users that “all funds are safe”<\/em> and that attackers had “no opportunity”<\/em> to deploy any malicious DApps “on any ether.fi-related domain.”<\/em><\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Ether.fi asserts security updates and partners for preventing a domain account takeover before user funds were taken. Ether.fi, a decentralized finance (DeFi) staking platform, reported that no user funds were compromised following a recent domain takeover attempt. On Sept. 24, the protocol experienced an attempted domain account hijacking through their registrar, Gandi.net. Fortunately, the attack […]<\/p>\n","protected":false},"author":56,"featured_media":94729,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[3964,1996,197,128,937,11246],"class_list":["post-94714","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-cybersecurity","tag-decentralization","tag-defi","tag-ethereum","tag-hackers","tag-security"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2024\/09\/ETher.fi-Prevents-Domain-Account-Takeover-Secures-User-Funds-1.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/94714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/56"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=94714"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/94714\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/94729"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=94714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=94714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=94714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}