ZachXBT, a crypto investigator, has advised users to refrain from accessing the Compound Finance website, as it appears compromised and may redirect visitors to a phishing site.
The security investigator issued a post on Telegram on July 11, informing the community to refrain from visiting the website for the time being. This website redirects to a newly registered fraudulent site, which may pose a significant security risk, as per ZachXBT.
In the interim, a member of the Compound Finance team verified the breach and recommended that users refrain from engaging with the site to prevent the potential loss of personal data and funds.
The Compound Finance DAO’s security adviser, Michael Lewellen, informed users of the breach. The URL is currently hosting a fraud website, as per Lewellen. The security advisor cautioned users against engaging with the website. Nevertheless, Lewellen reassured users that the protocol was unaffected and that the smart contract funds were secure.
Compound Finance’s X Account Hack
Security breaches are not unfamiliar to the organization. Hackers seized control of the official X account of the decentralized finance (DeFi) protocol in 2023. Like the most recent incident, the hackers utilized the company’s social media platform to advertise a fraudulent website.
At that time, the account promoted free crypto tokens through an advertisement. Additionally, it encouraged users to click on a URL that replicated the protocol’s official website. Nevertheless, it was promptly identified as a fraudulent scheme.
The cybersecurity blogger Officer’s Notes and the blockchain security platform Scam Sniffer verified that the account had posted fraudulent links.
The Compound Labs team confirmed they were compromised for four hours on December 30, 2023, before recovering the account. Additionally, they advised their respective users that they had eliminated the spam messages.
In 2024, phishing attacks resulted in losses of nearly $498 million
Ronghui Gu, co-founder of CertiK and CEO, encouraged the community to anticipate assaults as the market expands on April 4. The company observed that phishing attacks in the crypto space had reached “alarming levels” then.
The company reported on July 3 that losses in crypto security incidents totaled $1.19 billion during the first half of 2024. According to the report, phishing attacks were responsible for nearly $498 million in digital asset losses. For this reason, Gu underscored the necessity of enhanced security protocols and multifactor authentication.