1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Crypto websites registered to Squarespace are being hijacked and

    From TechnologyDaily@1337:1/100 to All on Mon Jul 15 19:15:05 2024
    Crypto websites registered to Squarespace are being hijacked and redirected
    by scammers

    Date:
    Mon, 15 Jul 2024 19:04:54 +0000

    Description:
    Site owners are warning users to be careful and revoke approvals for smart contracts, if granted.

    FULL STORY ======================================================================

    Multiple cryptocurrency projects registered with the Squarespace web hosting provider, were recently targeted with a coordinated DNS hijacking attack. The goal of the attack was to steal their users money.

    DNS hijacking, also known as DNS redirection, is a type of cyberattack where attackers manipulate the Domain Name System (DNS) to redirect internet
    traffic to fraudulent websites. This can be done by modifying the DNS
    settings on a victim's device, DNS server, or through other means.

    So, when the users tried to visit the websites of any of these projects, they were instead redirected to a fake site, which asked them to reconnect their wallets . Users who didnt find the request suspicious and did as asked,
    risked having their funds (both cryptocurrencies and NFTs) drained from their wallets, permanently. Google Domains migration and MFA woes

    Some of the projects who were targeted in this wave were Compound Finance, Celer Network, Pendle, and Unstoppable Domains. These confirmed, via social media, that they were attacked, and urged their customers to be careful and use secure alternatives. Users were also advised to revoke approvals for
    smart contracts, change passwords, and pull their funds to a new account.

    At press time, it wasnt entirely clear how the attackers managed to
    compromise these accounts. One of the affected projects, Pendle, believes it might have something to do with the recent migration from Google Domains.

    "For context - Squarespace purchased all domain registrations and related customer accounts from Google Domains in June 2023, which forced the
    migration of domains," Pendle explained in an X post.

    "Recently, attackers exploited a vulnerability in Squarespace, hijacking domains hosted on their platform. Security experts are still working out the exact mechanism for the hijacking attacks, but many domains (including Pendle's) that were migrated from Google to Squarespace have been affected."

    A BleepingComputer report suggests that this vulnerability was actually multi-factor authentication (MFA) being disabled as part of the migration.
    The publication states that there is a Squarespace support topic about Google Domains migration disabling MFA, which urged domain owners to re-enable it. More from TechRadar Pro A new macOS backdoor could let hackers hijack your device without you knowing Here's a list of the best firewalls today These
    are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/crypto-websites-registered-to-squarespa ce-are-being-hijacked-and-redirected-by-scammers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)