Points
- Compound Finance’s website has been compromised, redirecting users to a phishing site.
- Security adviser Michael Lewellen confirmed the breach but assured that protocol funds are safe.
- This is not the first security breach for Compound Finance, highlighting the need for enhanced security measures.
- The crypto market has shown resilience, recovering a significant portion of stolen funds in recent incidents.
The Compound Finance website has apparently fallen victim to a hijacking incident, according to crypto investigator ZachXBT. The investigator revealed that the website has been redirecting users to a recently registered phishing site, raising concerns about the safety of personal data and funds.
Compound Finance Confirms Breach
Confirming the breach, a member of the Compound Finance team encouraged users to avoid interacting with the compromised website. Michael Lewellen, a security adviser at the Compound Finance DAO, disclosed that the URL had been compromised and was currently hosting a phishing platform. Lewellen cautioned users against engaging with the site but assured them that the protocol itself remained unaffected, with funds secured by the smart contracts.
The Compound protocol itself is not impacted and all smart contract funds are safe.
https://twitter.com/LewellenMichael/status/1811303839888261530
Notably, this is not the first time Compound Finance has encountered such security breaches. In 2023, the decentralized finance (DeFi) protocol’s official account, known as X, was hijacked by hackers who exploited the company’s social media platform to promote a phishing website. The compromised account posted an advertisement offering free crypto tokens and directed users to click on a link that impersonated the official site. However, the scam was swiftly identified and flagged by vigilant users.
Cyber
security blogger Officer’s Notes and blockchain security platform Scam Sniffer both confirmed that the compromised account had been sharing phishing links. Earlier this year, on April 4, Ronghui Gu, the CEO and co-founder of CertiK, urged the crypto community to proactively prepare for security attacks as the market continued to expand. At the time, he said there has been a concerning rise in phishing attacks within the crypto space, prompting the call for enhanced security practices.
Recent Crypto Market Resilience
In a recent report on July 3, the company noted that losses from crypto security incidents had amounted to $1.19 billion in the first half of 2024, with nearly $498 million attributed to phishing attacks. Despite these alarming figures, the cryptocurrency market has shown great resilience, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024. In Q2 2024, $347.4 million of the stolen crypto funds were successfully recovered or frozen out of the total $512.9 million lost, according to Hacken’s Web3 Security Report Q2 2024.
“For the second consecutive quarter, the silver lining amid the alarming rate of theft in crypto is the amount of funds recovered,” the report wrote.
It is worth noting that cryptocurrency scams have thrived on X, with analysts attributing a significant portion of all crypto scams to scammers on the platform. Scam Sniffer, a web3 anti-scam company present on X, conducted an analysis revealing that nearly $50 million is lost each month due to account impersonation on X.com.
Just recently, Binance co-founder Yi He raised concerns about the proliferation of cryptocurrency scams on X, questioning whether Musk would take action to tackle the issue.