Crypto websites registered to Squarespace are being hijacked and redirected by scammers

Site owners are warning users to take care

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Multiple cryptocurrency projects registered with the Squarespaceweb hostingprovider, were recently targeted with a coordinated DNS hijacking attack. The goal of the attack was to steal their users’ money.

DNS hijacking, also known as DNS redirection, is a type of cyberattack where attackers manipulate theDomain Name System(DNS) to redirect internet traffic to fraudulent websites. This can be done by modifying the DNS settings on a victim’s device, DNS server, or through other means.

So, when the users tried to visit the websites of any of these projects, they were instead redirected to a fake site, which asked them to reconnect theirwallets. Users who didn’t find the request suspicious and did as asked, risked having their funds (both cryptocurrencies and NFTs) drained from their wallets, permanently.

Google Domains migration and MFA woes

Google Domains migration and MFA woes

Some of the projects who were targeted in this wave were Compound Finance, Celer Network, Pendle, and Unstoppable Domains. These confirmed, via social media, that they were attacked, and urged their customers to be careful and use secure alternatives. Users were also advised to revoke approvals for smart contracts, change passwords, and pull their funds to a new account.

At press time, it wasn’t entirely clear how the attackers managed to compromise these accounts. One of the affected projects, Pendle, believes it might have something to do with the recent migration fromGoogleDomains.

“For context - Squarespace purchased all domain registrations and related customer accounts from Google Domains in June 2023, which forced the migration of domains,” Pendle explained in an X post.

“Recently, attackers exploited a vulnerability in Squarespace, hijacking domains hosted on their platform. Security experts are still working out the exact mechanism for the hijacking attacks, but many domains (including Pendle’s) that were migrated from Google to Squarespace have been affected.”

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ABleepingComputerreport suggests that this “vulnerability” was actually multi-factor authentication (MFA) being disabled as part of the migration. The publication states that there is a Squarespace support topic about Google Domains migration disabling MFA, which urged domain owners to re-enable it.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success