Compound Finance site compromised in phishing attack

The frontend of decentralized finance giant Compound Finance was compromised on Thursday and is now hosting a phishing site, developers said in an X-post. Shortly after, developers of blockchain project Celer said the site had also been attacked by a malicious actor and was now hosting a draining service.

“We are investigating a possible DNS domain attack that appears to be hitting multiple projects at once,” the Celer developers said in an X-post.

The Compound(.)finance site will redirect to “compound-finance.app” starting in the European morning hours on Thursday.

Security researcher Michael Lewellen noted that the latter is a skimming tool that drains funds whenever a user interacts with it. Therefore, the actual Compound protocol remains untouched and all existing user deposits are safe.

Compound allows users to deposit, lend and borrow tokens over the Ethereum blockchain. As of Thursday, it held over $2.3 billion worth of assets, making it one of the largest DeFi services in the industry.

Phishing attacks involve sending fraudulent messages that appear to come from a legitimate source. These attacks are a major problem across the cryptocurrency market, with over $104 million stolen from unsuspecting users in the first two months of 2024 alone.

Data from CoinGecko shows that prices of Compound’s COMP token have barely changed over the past 24 hours.

UPDATE (July 11, 12:30 UTC): Updated headline and story on Celer network compromise.