Compound Finance Website Hijacked: Users Warned of Phishing Threat

Crypto investigator ZachXBT has issued a warning to users regarding the Compound Finance website, which appears to have been compromised. On July 11, ZachXBT alerted the community via a post on Telegram, advising them to avoid the website. According to the investigator, the site is redirecting visitors to a newly registered phishing site, posing a significant security risk.

Confirmation from Compound Finance Team

Michael Lewellen, a security adviser at the Compound Finance DAO, confirmed the breach. Lewellen emphasized that the URL has been compromised and is now hosting a phishing site. He urged users not to interact with the site to avoid potential losses of personal data and funds. Despite the breach, Lewellen reassured users that the protocol itself remains unaffected and that smart contract funds are secure.

Previous Security Incidents

This is not the first time Compound Finance has faced security issues. In 2023, the decentralized finance (DeFi) protocol's official X (formerly Twitter) account was hacked. The hackers exploited the account to promote a phishing website, posting an advertisement for free crypto tokens and urging users to click a link that mimicked the official site. The breach was quickly flagged as a scam by cybersecurity blogger Officer’s Notes and blockchain security platform Scam Sniffer. Compound Labs managed to recover the account after four hours and removed the spam messages.

Rising Threat of Phishing Attacks in Crypto

Phishing attacks have become increasingly prevalent in the crypto space. On April 4, CertiK CEO and co-founder Ronghui Gu warned the community to prepare for such attacks as the market continues to grow. By July 3, it was reported that losses in crypto security incidents had reached $1.19 billion in the first half of 2024, with nearly $498 million attributed to phishing attacks. Gu emphasized the importance of multifactor authentication and improved security practices to combat these threats.

The recent breach of the Compound Finance website underscores the ongoing security challenges facing the crypto industry. Users are advised to remain vigilant and avoid interacting with compromised sites to protect their personal data and funds. The incident serves as a reminder of the importance of robust security measures and the need for continuous vigilance against phishing attacks.