Ether.fi, a liquid restaking protocol, narrowly avoided a domain takeover after attackers attempted to hijack its domain name through its registrar, Gandi.net.
According to a detailed post by Ether.fi, the incident unfolded on Sept. 24 when the team received an email notification from Gandi indicating a domain recovery request. This triggered the protocol’s existing security measures, including verifying email sender authentication (SPF, DKIM, and DMARC), which ultimately alerted them to a potential attack.
Ether.fi contacted Gandi across multiple platforms, leading to a successful lockdown of their domain account by 7:30 PM UTC. This prevented further tampering and ensured the integrity of their nameserver configuration.
“We are in contact with our domain provider and the domain is locked down. Please continue to avoid our site until we have verified everything is working as expected,” Ether.fi said on its social media.
The company’s X post emphasizes that no internal breach has been detected, and user funds remain safe.
On September 24, https://t.co/gbHcksxzp2 experienced a security incident involving our domain registrar, https://t.co/hW50MConP9
We’re glad to report that all funds are safe, and the attackers at no point presented a compromised dapp on any https://t.co/gbHcksxzp2 related…
— ether.fi (@ether_fi) September 25, 2024
Proactive Approach and Collaboration
Ether.fi credits its proactive approach – including requiring hardware authentication for key platforms – for mitigating the attack and also highlights the importance of domain registrar security practices. “Gandi’s monitoring systems and process, while aggressive, locked down the domain account and prevented any access to our systems, and kept our websites, apps and emails safe from the attempted attack.”
While the full picture remains under investigation, Ether.fi promises further details in collaboration with Gandi within the next two days.
DeFi Under Attack: Recent Security Incidents Raise Concerns
The Ether.fi domain takeover attempt is just one example of the growing number of security incidents affecting the decentralized finance (DeFi) ecosystem. In recent weeks, several other DeFi projects have fallen victim to attacks, highlighting the ongoing challenges in safeguarding user funds and data.
An example is the Ethena website exploit that occurred in September. Ethena Labs, the company behind the synthetic dollar protocol, warned users to avoid interacting with any site or application claiming to be Ethena. According to its X post from Sept. 18, the site’s domain registrar account was compromised, resulting in the temporary shutdown of the site. Despite the exploit, Ethena Labs assured users that the underlying protocol and their funds remained unaffected.
The Ethena domain registrar account was recently compromised and we have taken steps to deactivate the site until further notice.
The protocol is unaffected and funds are safe.
Please do not interact with any site or application purporting to be the Ethena frontend.
— Ethena Labs (@ethena_labs) September 18, 2024
Another high-profile incident involved the Telegram-based cryptocurrency trading bot Banana Gun. This bot allows users to trade on popular blockchains like Ethereum, Solana, and Base. However, on Sept. 19, attackers exploited vulnerabilities in the bot’s code to drain nearly $2 million worth of digital assets from unsuspecting users. Security firm Cyvers identified at least 11 attackers responsible for these thefts.