
Squarespace DNS Hijacks Expose Critical Flaws in Crypto Domain Security

A wave of coordinated Domain Name System (DNS) hijacking attacks against cryptocurrency platforms whose domains were registered with Squarespace has exposed fundamental weaknesses in how the industry safeguards its web infrastructure. Between July 9 and July 12, 2024, at least four DeFi platforms, including Compound, Celer Network, and Pendle, saw their domains redirected to phishing sites built to drain connected wallets of funds and NFTs. With Bitcoin trading near $57,900 and Ethereum at $3,134, the potential losses from a successful redirect were enormous.

The Exploit Mechanics

The attacks exploited a weakness in Squarespace's account setup process for domains it inherited through its 2023 acquisition of Google Domains. Registrations were moved to Squarespace before their owners had ever logged in there, so the migrated accounts carried the owner's email address but no password and no multi-factor authentication. Anyone could then sign up for a Squarespace account using the email address on file for a domain, and Squarespace neither verified that the person signing up controlled that mailbox nor required any credential the legitimate owner had set. Attackers used this to preemptively create accounts with the email addresses associated with targeted domains, seizing control before the legitimate owners registered. Security researcher Taylor Monahan noted that Squarespace also sent no email notifications for critical account actions, so domain owners had no signal that their domains were being taken over.
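To make the logic flaw concrete, here is an added toy model of the migrated-account claim described above; it is illustrative code written for this page, not Squarespace's implementation. It models a registrar that imported accounts with a contact email but no credentials, shows a sign-up that lets whoever types that address claim the account, and beside it a sign-up that binds credentials only after a token delivered to the mailbox comes back and that notifies the existing contact. The class and function names, the `example-defi.test` domain and the `ops@` address are all assumptions constructed for the example.

```python
"""Toy model of the migrated-account claim flaw (added example, not Squarespace code).
All names and the sample domain/address are constructed for illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

VICTIM = "ops@example-defi.test"   # constructed contact address on the migrated account
DOMAIN = "example-defi.test"       # constructed migrated domain


@dataclass
class Account:
    email: str
    domains: Set[str] = field(default_factory=set)
    password_hash: Optional[bytes] = None  # None: migrated, owner never set credentials


class Mailbox:
    """Stand-in for e-mail delivery; only the address holder can read an inbox."""
    def __init__(self) -> None:
        self.inbox: Dict[str, list] = {}

    def send(self, to: str, msg: str) -> None:
        self.inbox.setdefault(to, []).append(msg)


def _hash(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()  # toy; use argon2id/scrypt for real


def migrated_accounts() -> Dict[str, Account]:
    """Constructed import: one account with a contact address and no credentials."""
    return {VICTIM: Account(VICTIM, {DOMAIN})}


class VulnerableRegistrar:
    """Sign-up binds a password to whichever account matches the typed e-mail."""
    def __init__(self, accounts: Dict[str, Account], mail: Mailbox) -> None:
        self.accounts, self.mail = accounts, mail

    def signup(self, email: str, password: str) -> Account:
        acct = self.accounts.setdefault(email, Account(email))
        if acct.password_hash is not None:
            raise PermissionError("account already set up")
        acct.password_hash = _hash(password)  # BUG: no proof the caller controls `email`,
        return acct                           # no MFA, and no notice to the contact


class HardenedRegistrar:
    """Credentials bind only after a token sent to the mailbox comes back."""
    def __init__(self, accounts: Dict[str, Account], mail: Mailbox) -> None:
        self.accounts, self.mail = accounts, mail
        self.pending: Dict[str, str] = {}  # email -> sha256(token); the token itself is never stored

    def start_signup(self, email: str) -> None:
        token = secrets.token_urlsafe(32)
        self.pending[email] = hashlib.sha256(token.encode()).hexdigest()
        self.mail.send(email, f"verify:{token}")
        if email in self.accounts:  # migrated account: tell the contact it is being claimed
            self.mail.send(email, "notice: a sign-up was started for your migrated account")

    def finish_signup(self, email: str, token: str, password: str) -> Account:
        expected = self.pending.get(email)
        got = hashlib.sha256(token.encode()).hexdigest()
        if expected is None or not hmac.compare_digest(expected, got):
            raise PermissionError("mailbox not verified")
        del self.pending[email]  # single use
        acct = self.accounts.setdefault(email, Account(email))
        if acct.password_hash is not None:
            raise PermissionError("account already set up")
        acct.password_hash = _hash(password)
        return acct


def attacker_claims_domain(registrar_cls) -> bool:
    """Attacker knows the contact address but cannot read its mailbox."""
    reg = registrar_cls(migrated_accounts(), Mailbox())
    try:
        if registrar_cls is VulnerableRegistrar:
            acct = reg.signup(VICTIM, "attacker-chosen")
        else:
            reg.start_signup(VICTIM)
            acct = reg.finish_signup(VICTIM, secrets.token_urlsafe(32), "attacker-chosen")
    except PermissionError:
        return False
    return DOMAIN in acct.domains


def owner_completes_signup() -> bool:
    """The real contact reads the token from the inbox and finishes set-up."""
    mail = Mailbox()
    reg = HardenedRegistrar(migrated_accounts(), mail)
    reg.start_signup(VICTIM)
    token = next(m for m in mail.inbox[VICTIM] if m.startswith("verify:"))[len("verify:"):]
    return reg.finish_signup(VICTIM, token, "owner-chosen").password_hash is not None


if __name__ == "__main__":
    print("attacker vs vulnerable:", attacker_claims_domain(VulnerableRegistrar))  # True
    print("attacker vs hardened:  ", attacker_claims_domain(HardenedRegistrar))    # False
    print("owner vs hardened:     ", owner_completes_signup())                     # True
```

The point of the model is that the vulnerable flow treats "knows the contact email" as "is the contact", which is public information for most domains (it is what the attackers in this campaign exploited), while the hardened flow treats the mailbox as the authenticator and tells the existing contact that a claim is in progress, which is the notification the researchers quoted above said was missing.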

Affected Systems

Compound Labs, the company behind Compound, one of the largest DeFi lending protocols on Ethereum, posted an urgent warning on July 11 that the protocol's main domain compound.finance had been compromised. Celer Network, a blockchain interoperability and scaling project, detected an attempted takeover of its domains through 24/7 domain security monitoring and restored all DNS records before users could be harmed. Pendle, a DeFi protocol for trading tokenized yields, was also hit and urged users to verify the address bar and clear browser caches. More than 200 cryptocurrency-related domains registered with Squarespace were identified as potentially at risk, according to security researchers tracking the campaign.

The Mitigation Strategy

Celer Network's successful defense shows the value of continuous domain monitoring: its 24/7 security team caught the hijack attempt as it happened and restored the DNS records before any damage occurred. Compound Labs chose to warn users immediately over social media to stay away from the compromised domain. Pendle confirmed that although its domain was briefly compromised, the protocol and user funds remained safe, a reminder that a hijacked frontend does not touch on-chain contracts; it can only trick users into signing transactions or token approvals they did not intend, which is exactly what the phishing pages were built to do. Squarespace responded by tightening its account creation procedures, though it was criticized for the slowness of its response.

Lessons Learned

This incident underscores a painful truth: the security of a DeFi protocol is only as strong as its weakest infrastructure link. Billions of dollars in total value locked can be put at risk not by a smart contract vulnerability but by a domain registrar's weak authentication defaults. Whoever controls the registrar account controls the domain's name-server delegation, which sits above everything else a team has hardened: an attacker with that control can point the zone at their own servers, and can then pass the DNS-based validation that certificate authorities use to issue a TLS certificate for the domain. The migration from Google Domains to Squarespace created a window of vulnerability that attackers identified and exploited systematically. The crypto industry must treat domain security as a first-class concern alongside smart contract audits and key management.

User Action Required

If you interact with any DeFi platform, verify the URL in your browser's address bar before connecting a wallet or signing anything, and reach protocols only through bookmarks you saved when the site was known good. A hardware wallet protects significant holdings only if you read what it asks you to confirm: the device shows the transaction or approval independently of whatever a compromised site displays, but a blindly signed approval drains a hardware wallet as readily as a hot one. Teams that run a protocol should enable multi-factor authentication on every registrar account, turn on the registrar's transfer lock and any registry lock it offers, and monitor their NS, A and MX records from outside the registrar with a service or script that alerts on any unauthorized change, since a registrar-account takeover can rewrite records without the owner ever being told.
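Here is an added example of the kind of external DNS monitoring recommended above, written for this page rather than taken from Celer Network or any vendor. It keeps a baseline of the record sets a registrar-account takeover can rewrite (NS delegation first, then A/AAAA, MX and TXT), compares a fresh snapshot against it, and ranks an NS change highest because a re-delegation moves the whole zone to someone else's servers. The `example-defi.test` zone contents are constructed so the script runs offline; `resolve` is assumed to be any callable taking `(name, rtype)` and returning a set of record strings, and a dnspython-backed one is included for live use.

```python
"""DNS drift monitor for registrar-level hijacks (added example, not from the page).
Zone data below is constructed; swap `zone_resolver` for `dnspython_resolver` to run live."""
from typing import Callable, Dict, List, Set, Tuple

Resolver = Callable[[str, str], Set[str]]
WATCHED = ("NS", "A", "AAAA", "MX", "TXT")   # checked in severity order

# Constructed answers: the zone as the owner left it, then after a hijack that
# re-delegated the domain and pointed the web host at an attacker-controlled IP.
BASELINE_ZONE = {
    ("example-defi.test", "NS"): {"ns1.legit-dns.test.", "ns2.legit-dns.test."},
    ("example-defi.test", "A"): {"198.51.100.10"},
    ("example-defi.test", "AAAA"): set(),
    ("example-defi.test", "MX"): {"10 mail.example-defi.test."},
    ("example-defi.test", "TXT"): {'"v=spf1 include:_spf.example-defi.test -all"'},
}
HIJACKED_ZONE = {
    **BASELINE_ZONE,
    ("example-defi.test", "NS"): {"ns1.attacker-dns.test."},
    ("example-defi.test", "A"): {"203.0.113.9"},
}


def zone_resolver(zone: Dict[Tuple[str, str], Set[str]]) -> Resolver:
    """Offline stand-in for DNS: answers from a dict of (name, rtype) -> records."""
    return lambda name, rtype: set(zone.get((name, rtype), set()))


def dnspython_resolver(name: str, rtype: str) -> Set[str]:
    """Live lookup for real monitoring (needs the dnspython package installed)."""
    import dns.resolver  # imported here so the offline demo has no dependency
    try:
        return {r.to_text() for r in dns.resolver.resolve(name, rtype)}
    except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
        return set()


def snapshot(resolve: Resolver, name: str) -> Dict[str, Set[str]]:
    """Current record sets for every watched type."""
    return {rt: resolve(name, rt) for rt in WATCHED}


def diff(baseline: Dict[str, Set[str]], observed: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """(rtype, 'removed'|'added', value) for each record that differs from the baseline."""
    changes: List[Tuple[str, str, str]] = []
    for rt in WATCHED:
        old, new = baseline.get(rt, set()), observed.get(rt, set())
        changes += [(rt, "removed", v) for v in sorted(old - new)]
        changes += [(rt, "added", v) for v in sorted(new - old)]
    return changes


def severity(changes: List[Tuple[str, str, str]]) -> str:
    """An NS change means the zone now answers from someone else's servers, which is
    what a registrar-account takeover looks like; host and mail changes come next."""
    kinds = {rt for rt, _, _ in changes}
    if "NS" in kinds:
        return "critical"
    if kinds & {"A", "AAAA", "MX"}:
        return "high"
    return "medium" if kinds else "none"


def check(name: str, baseline: Dict[str, Set[str]], resolve: Resolver) -> Tuple[str, List[Tuple[str, str, str]]]:
    """One monitoring pass: returns (severity, changes); page on 'critical' or 'high'."""
    changes = diff(baseline, snapshot(resolve, name))
    return severity(changes), changes


if __name__ == "__main__":
    name = "example-defi.test"
    base = snapshot(zone_resolver(BASELINE_ZONE), name)   # capture once, while records are known good
    print(check(name, base, zone_resolver(BASELINE_ZONE)))  # ('none', [])
    sev, found = check(name, base, zone_resolver(HIJACKED_ZONE))
    print(sev)                                               # critical
    for rt, what, value in found:
        print(f"{rt:5} {what:8} {value}")
```

Two caveats for running this for real: capture the baseline while you have independently confirmed the records and store it outside the registrar, and query from a resolver that does not cache (or ask the parent zone's authoritative servers for the NS set), because a caching recursive resolver can keep serving the old delegation for the length of its TTL after the registrar has already been changed.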

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making investment decisions.


13 thoughts on “Squarespace DNS Hijacks Expose Critical Flaws in Crypto Domain Security”

  1. compound labs and pendle getting hit in the same window is terrifying. one registrar migration and suddenly your defi protocol is a phishing page

    1. celer was hit too. three defi protocols in 72 hours because one registrar couldn't be bothered with basic verification

    2. dns_wizard

      compound had been live for years and got taken down by a domain hijack. your smart contract security means nothing if someone can redirect your frontend

  2. google domains to squarespace transition created the perfect storm. no password, no mfa, just create an account with someones email and steal their domain

    1. no mfa on domain transfers is a 2005 level security fail. squarespace bought google domains and somehow made it worse

      1. no MFA on enterprise DNS management in 2024 is genuinely embarrassing. squarespace should have caught this during the migration QA

    2. Ana Petrova

      the google domains to squarespace migration was botched from the start. no forced password reset on migrated accounts is security 101 failure

  3. 200 crypto domains potentially vulnerable. the fact that this was preventable with basic account verification makes it worse

    1. ^ squarespace really dropped the ball on this one. enterprise dns management should require more than email signup

    2. 200 vulnerable domains is a supply chain attack at protocol level. one registrar single point of failure for an entire ecosystem

  4. 200 domains vulnerable and only 4 were hit. means the attackers were targeted not opportunistic. they knew exactly which protocols to go after

  5. domains_watcher

    Compound, Celer, and Pendle all got hijacked through the same Squarespace migration flaw. three major DeFi protocols and the root cause was an email signup form with no MFA. insane

  6. the Google Domains to Squarespace migration was a disaster for crypto infrastructure. thousands of domains transferred and the security model was basically create an account and claim it
