Lack of MFA blamed for Squarespace crypto domains under DNS attack

Published:

Cryptocurrency Domains at Risk After Squarespace DNS Hijacking Attack

Over 200 cryptocurrency domains registered with Squarespace are at risk following a massive DNS hijacking attack that started on Thursday. The attack initially affected websites of blockchain projects like Compound and Celer Networks, but the impact has since spread to more than 220 crypto domains.

The incident has been linked to the recent migration of 10 million domains due to Squarespace’s buyout deal with Google Domains in September 2023. The forced migration removed two-factor authentication, leaving the domains vulnerable to hijacking.

Both Compound and Celer Networks issued warnings to their customers to avoid their websites until the situation was resolved. Fortunately, both companies were able to restore normal operations by Friday.

Unstoppable Domains, another company registered with Squarespace, also reported being under attack and advised users to stay away from their website. Despite efforts to rectify the situation, the Cybernews team was unable to load Unstoppable Domain’s website on Friday.

Squarespace has not issued a statement on the DNS hijacking incident, and no threat actor has claimed responsibility for the attack. Other Squarespace domains like Peddle.com, Blockaid, and MetaMask have also reported hijacking incidents.

DNS attacks, like the one targeting Squarespace, can redirect users to malicious websites or allow hackers to gain unauthorized access to servers. It is essential for users to exercise caution and avoid interacting with potentially compromised domains during this time.

Related articles

Recent articles