On July 12, 2024, the cryptocurrency world watched as some of the most trusted DeFi platforms — including Compound Labs and Pendle — had their websites hijacked by attackers who redirected visitors to phishing pages designed to steal digital assets. The attacks targeted Squarespace, the domain registrar hosting these platforms, exposing a vulnerability that put millions of dollars at risk. If you are new to cryptocurrency, this event might seem alarming, but understanding what happened and how to protect yourself is straightforward. Here is everything you need to know.
The Basics
Every website on the internet has a domain name — like compound.finance or pendle.finance — that tells your browser where to find it. The Domain Name System, or DNS, works like a phone book that matches domain names to the numerical addresses where websites actually live. A DNS hijack happens when someone changes the entries in that phone book so that a legitimate domain name sends you to a fake website instead. In this case, attackers exploited weaknesses in how Squarespace managed domain transfers from Google Domains, allowing them to take control of crypto platform domains and point them to malicious copies.
Why It Matters
When you connect your crypto wallet to a website, you are trusting that the website is genuine. If an attacker has hijacked the domain, the fake site can look identical to the real one but will capture your wallet connection and trick you into approving transactions that drain your funds. With Bitcoin trading around $57,900 and Ethereum at $3,134 at the time, even a small mistake could result in significant losses. This particular attack affected major, well-known platforms — not obscure projects — which makes it especially concerning for everyday users who trust these names.
Getting Started Guide
Protecting yourself from DNS hijacking attacks is easier than you might think. First, always bookmark the official URLs of the crypto platforms you use regularly. Access them only through these saved bookmarks rather than typing the URL or clicking links from emails or social media. Second, before connecting your wallet to any website, check the URL carefully in your browser’s address bar. Look for the correct domain name and ensure there is a padlock icon indicating a secure connection — though be aware that even hijacked sites can have valid SSL certificates. Third, consider using a hardware wallet like a Ledger or Trezor for your significant holdings. Hardware wallets require you to physically press a button on the device to approve transactions, which means even if a fake website tricks you, the transaction details displayed on your hardware wallet’s screen will show the actual destination, giving you a chance to cancel before it is too late.
Common Pitfalls
New crypto users often make several mistakes that leave them vulnerable to these attacks. Many rely on search engines to find crypto platform websites, which can surface phishing links that look legitimate. Some users ignore the URL bar entirely, assuming that if a website looks correct, it must be real. Others store all their crypto in browser-based software wallets, which have no independent screen to verify transaction details. Another common mistake is approving unlimited token spending when interacting with DeFi protocols — even if you trust the protocol, a DNS hijack could redirect you to a malicious contract that drains your tokens.
Next Steps
Start by reviewing all the crypto platforms you currently use and bookmark their official URLs. Consider moving your larger holdings to a hardware wallet if you have not already. When interacting with DeFi protocols, always verify transaction details on your hardware wallet’s screen before confirming. Follow trusted security researchers on social media who often post early warnings about DNS hijacks and other attacks. Stay informed about the platforms you use — many maintain status pages or social media channels where they announce security incidents. The crypto space rewards proactive security practices, and taking these simple steps will significantly reduce your risk exposure.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making investment decisions.
this is exactly why i use ENS + IPFS for anything serious. DNS is fundamentally broken for high-value targets
ENS is cool until you realize most users will still type compound.finance in their browser. UI layer attacks work because humans are the weak link
ENS + IPFS is good in theory but most users will never bother. the UX gap is the real vulnerability
bookmarking a few legit IPFS hashes for the protocols i use. at least then DNS hijacks dont matter
good explainer for beginners. the part about Squarespace disabling MFA during migration is wild, how does that pass any security audit
disabling MFA during migration is such an obvious failure mode. every migration guide in existence says enforce MFA, never drop it
dropping MFA during migration is security 101 failure. google to squarespace transfer was a known vector for months before these attacks
compound and pendle are lucky it was just phishing and not contract drains. DNS hijack + fake contract interaction would have been way worse
the part about checking for contract drains is smart. DNS hijack into fake approval page is next level evil