https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&feed=atom&title=Compound_Finance_Official_Website_DNS_HijackingCompound Finance Official Website DNS Hijacking - Revision history2026-05-01T09:05:31ZRevision history for this page on the wikiMediaWiki 1.39.1https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Compound_Finance_Official_Website_DNS_Hijacking&diff=6116&oldid=prevAzoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/compoundfinanceofficialwebsitednshijacking.php}} {{Unattributed Sources}} Compound Finance LogoCompound Finance is one of the most popular decentralized finance protocols for loans. They used SquareSpace as their domain registrar. Early in the morning of July 11th, their domain was hijacked, and pointed users to a malicious wallet draining application...."2024-09-18T21:57:26Z<p>Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/compoundfinanceofficialwebsitednshijacking.php}} {{Unattributed Sources}} <a href="/cryptocurrencyhackscamfraudwiki/index.php?title=File:Compoundfinance.jpg" title="File:Compoundfinance.jpg">thumb|Compound Finance Logo</a>Compound Finance is one of the most popular decentralized finance protocols for loans. They used SquareSpace as their domain registrar. Early in the morning of July 11th, their domain was hijacked, and pointed users to a malicious wallet draining application...."</p>
<p><b>New page</b></p><div>{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/compoundfinanceofficialwebsitednshijacking.php}}<br />
{{Unattributed Sources}}<br />
<br />
[[File:Compoundfinance.jpg|thumb|Compound Finance Logo]]Compound Finance is one of the most popular decentralized finance protocols for loans. They used SquareSpace as their domain registrar. Early in the morning of July 11th, their domain was hijacked, and pointed users to a malicious wallet draining application. They are among a few domains hosted on SquareSpace which were hijacked. It is unclear how many users were drained from this attack.<ref name="slowmisthackedarchive-14638" /><ref name="lewellenmichaeltwitter-14698" /><ref name="compoundfinancetwitter-14699" /><ref name="mayhalltwitter-14700" /><ref name="blockaidtwitter-14701" /><ref name="thepulsewallettwitter-14702" /><ref name="0xngmitwitter-14703" /><ref name="dankazenofftwitter-14704" /><ref name="mwctwitter-14705" /><ref name="protos-14706" /><ref name="pelehsergiitwitter-14707" /><ref name="mlionaitwitter-14708" /><ref name="thebloktalktwitter-14709" /><ref name="ankitavtwitter-14710" /><ref name="quadrigainitiative-14711" /><br />
<br />
== About Compound Finance ==<br />
<br />
"Compound Finance is one of the most widely used protocols in the DeFi ecosystem. Deployed on Ethereum, its purpose is to issue automatic, permissionless loans of Ether and various ERC20 tokens. As of February 2022, the protocol held more than $10 billion in assets across 18 markets."<br />
<br />
"To invest in Compound, users deposit Ether or supported ERC20 tokens into one of the protocol’s markets. In exchange, they receive cTokens for that market, with which they can redeem their investment. Compound’s cTokens are differentiated and denominated according to the underlying asset. For example, investors who deposit Ether (ETH) receive cETH tokens, which are redeemable for ETH. Similarly, investors who deposit USDC receive cUSDC tokens, which are redeemable for USDC, and so on. In addition to being redeemable for the underlying asset, cTokens can be traded according to their market value."<br />
<br />
"The total value of each market increases as funds are lent out and repaid. As the value held in a market grows, the cTokens for that market increase in value and can be redeemed for more of the underlying asset. In this way, investors accrue interest. When the protocol operates as intended, the value of a cToken relative to its underlying asset should only increase, i.e., only positive interest rates should be possible."<br />
<br />
== The Reality ==<br />
This sections is included if a case involved deception or information that was unknown at the time. Examples include:<br />
<br />
* When the service was actually started (if different than the "official story").<br />
* Who actually ran a service and their own personal history.<br />
* How the service was structured behind the scenes. (For example, there was no "trading bot".)<br />
* Details of what audits reported and how vulnerabilities were missed during auditing.<br />
<br />
== What Happened ==<br />
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.<br />
{| class="wikitable"<br />
|+Key Event Timeline - Compound Finance Official Website DNS Hijacking<br />
!Date<br />
!Event<br />
!Description<br />
|-<br />
|July 11th, 2024 12:49:00 AM MDT<br />
|ZachXBT Reporting<br />
|ZachXBT tweets to announce that the Compound Finance website appears to be redirecting to another malicious phishing site.<br />
|-<br />
|July 11th, 2024 12:50:00 AM MDT<br />
|Tweet Report<br />
|A tweet reports that the Compound Finance website is redirecting to a phishing website compound-finance.app.<br />
|-<br />
|July 11th, 2024 1:37:00 AM MDT<br />
|Michael Lewellen Tweet<br />
|Michael Lewellen tweets to notify that the Compound Finance website appears to be hijacked and is currently hosting a phishing site.<br />
|-<br />
|July 11th, 2024 3:15:00 AM MDT<br />
|Compound Labs Tweet<br />
|Compound Labs reports that their domain is hijacked and they will be providing an update.<br />
|-<br />
|July 11th, 2024 5:35:00 AM MDT<br />
|CoinDesk Article<br />
|CoinDesk publishes an article on both domain hijackings.<br />
|-<br />
|July 11th, 2024 9:32:00 AM MDT<br />
|BlockAid Tweet/Analysis<br />
|BlockAid tweets to notify about the developing situation. They report that both Compound Finance and Celer Network are found to be hijacked. The sites are traced to use the Inferno Drainer malware.<br />
|-<br />
|July 11th, 2024 11:00:00 AM MDT<br />
|SquareSpace Security Breaches<br />
|Reportedly, multiple websites are targeted.<br />
|-<br />
|July 13th, 2024 5:28:00 AM MDT<br />
|BlokTalk Tweet<br />
|BlokTalk reports on the potential breach of the Pendle Finance website.<br />
|}<br />
<br />
== Technical Details ==<br />
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?<br />
<br />
== Total Amount Lost ==<br />
The total amount lost is unknown.<br />
<br />
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?<br />
<br />
== Immediate Reactions ==<br />
"Compound DAO security advisor Michael Lewellen tweeted that the Compound Finance official website (http://compound.finance) has been compromised and is currently hosting a phishing site. Do not interact with the site until further notice."<br />
<br />
"ALERT: The http://compound.finance URL has been compromised and is currently hosting a phishing site. DO NOT interact with the http://compound.finance website until further notice.<br />
<br />
The Compound protocol itself is not impacted and all smart contract funds are safe."<br />
<br />
"URGENT: The Compound Labs website (compound[.]finance) has been compromised. <br />
<br />
Please do not visit the website or clink any links until further notice. An update will be provided when available."<br />
<br />
"BREAKING: Multiple cryptocurrency platforms tied to Squarespace, including Compound Finance and Celer Network, reported security breaches affecting their websites. <br />
<br />
The breach appears to be a DNS attack, adding to the long list of crypto hacks so far in 2024."<br />
<br />
"Security advisor to the Compound DAO, Michael Lewellen, posted a community alert via X (formerly Twitter), urging users to avoid the platform’s website. Compound Finance confirmed the attack 90 minutes later. The breach was highlighted earlier by ZachXBT via Telegram."<br />
<br />
== Ultimate Outcome ==<br />
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?<br />
<br />
== Total Amount Recovered ==<br />
The total amount recovered is unknown.<br />
<br />
What funds were recovered? What funds were reimbursed for those affected users?<br />
<br />
== Ongoing Developments ==<br />
What parts of this case are still remaining to be concluded?<br />
== Individual Prevention Policies ==<br />
{{Prevention:Individuals:Placeholder}}<br />
<br />
{{Prevention:Individuals:End}}<br />
<br />
== Platform Prevention Policies ==<br />
{{Prevention:Platforms:Placeholder}}<br />
<br />
{{Prevention:Platforms:End}}<br />
<br />
== Regulatory Prevention Policies ==<br />
{{Prevention:Regulators:Placeholder}}<br />
<br />
{{Prevention:Regulators:End}}<br />
<br />
== References ==<br />
<references><ref name="slowmisthackedarchive-14638">[https://web.archive.org/web/20240711160134/https://hacked.slowmist.io/ SlowMist Hacked - SlowMist Zone] (Accessed Jul 11, 2024)</ref><br />
<br />
<ref name="lewellenmichaeltwitter-14698">[https://twitter.com/LewellenMichael/status/1811303839888261530 @LewellenMichael Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="compoundfinancetwitter-14699">[https://twitter.com/compoundfinance/status/1811328333063520683 @compoundfinance Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="mayhalltwitter-14700">[https://twitter.com/Mayhall_/status/1811291962768871569 @Mayhall_ Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="blockaidtwitter-14701">[https://twitter.com/blockaid_/status/1811423288763318307 @blockaid_ Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="thepulsewallettwitter-14702">[https://twitter.com/ThePulseWallet/status/1811291724637245561 @ThePulseWallet Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="0xngmitwitter-14703">[https://twitter.com/0xngmi/status/1811376786799784348 @0xngmi Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="dankazenofftwitter-14704">[https://twitter.com/DanKazenoff/status/1811422512359874593 @DanKazenoff Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="mwctwitter-14705">[https://twitter.com/_mwc/status/1811432212824481970 @_mwc Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="protos-14706">[https://protos.com/compound-finance-and-celer-network-websites-compromised-in-front-end-attacks/ Compound Finance and Celer Network websites compromised in ‘front-end’ attacks] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="pelehsergiitwitter-14707">[https://twitter.com/PelehSergii/status/1811430583739772938 @PelehSergii Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="mlionaitwitter-14708">[https://twitter.com/MLion_AI/status/1811580481110180071 @MLion_AI Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="thebloktalktwitter-14709">[https://twitter.com/TheBlokTalk/status/1812086819468743042 @TheBlokTalk Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="ankitavtwitter-14710">[https://twitter.com/ankitav/status/1811445433191006235 @ankitav Twitter] (Accessed Jul 15, 2024)</ref><br />
<br />
<ref name="quadrigainitiative-14711">[https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Compound_Finance_Live_Critical_Vulnerability Compound Finance Live Critical Vulnerability - Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository] (Accessed Jul 15, 2024)</ref></references></div>Azoundria