Ether.fi Thwarts Domain Takeover Attempt, User Funds Remain Safe

Editor

Veronika Rinecker

Ether.fi, a liquid restaking protocol, narrowly avoided a security scare after attackers attempted to hijack its domain name through its registrar, Gandi.net.

According to a detailed post by Ether.fi, the incident unfolded on Sept. 24 when the team received an email notification from Gandi indicating a domain recovery request. This triggered the protocol’s existing security measures, including verifying email sender authentication (SPF, DKIM, and DMARC), which ultimately alerted them to a potential attack.

Ether.fi contacted Gandi across multiple platforms, leading to a successful lockdown of their domain account by 7:30 PM UTC. This prevented further tampering and ensured the integrity of their nameserver configuration.

“We are in contact with our domain provider and the domain is locked down. Please continue to avoid our site until we have verified everything is working as expected,” Ether.fi said on its social media.

The company’s X post emphasizes that no internal breach has been detected, and user funds remain safe.

Proactive Approach and Collaboration

Ether.fi credits its proactive approach – including requiring hardware authentication for key platforms – for mitigating the attack and also highlights the importance of domain registrar security practices. “Gandi’s monitoring systems and process, while aggressive, locked down the domain account and prevented any access to our systems, and kept our websites, apps and emails safe from the attempted attack.”

While the full picture remains under investigation, Ether.fi promises further details in collaboration with Gandi within the next two days.

DeFi Under Attack: Recent Security Incidents Raise Concerns

The Ether.fi domain takeover attempt is just one example of the growing number of security incidents affecting the decentralized finance (DeFi) ecosystem. In recent weeks, several other DeFi projects have fallen victim to attacks, highlighting the ongoing challenges in safeguarding user funds and data.

An example is the Ethena website exploit that occurred in September. Ethena Labs, the company behind the synthetic dollar protocol, warned users to avoid interacting with any site or application claiming to be Ethena. According to its X post from Sept. 18, the site’s domain registrar account was compromised, resulting in the temporary shutdown of the site. Despite the exploit, Ethena Labs assured users that the underlying protocol and their funds remained unaffected.

Another high-profile incident involved the Telegram-based cryptocurrency trading bot Banana Gun. This bot allows users to trade on popular blockchains like Ethereum, Solana, and Base. However, on Sept. 19, attackers exploited vulnerabilities in the bot’s code to drain nearly $2 million worth of digital assets from unsuspecting users. Security firm Cyvers identified at least 11 attackers responsible for these thefts.
