DeFi Giant Compound Labs Website Compromised in Sophisticated Phishing Attack

Compound Labs issued an urgent alert, confirming that their website may have been compromised.

DeFi lending protocol Compound Labs has issued an urgent warning after its website was compromised in a domain hijacking phishing attack on Thursday.

Onchain investigator ZachXBT was among the first to raise the alarm, quickly informing his crypto community Telegram channel about the incident. He advised users to avoid the compromised Compound Finance website, which was redirecting to a scam site.

According to ZachXBT, the scam site was designed to resemble the real Compound website and featured a pop-up window prompting users to connect their MetaMask wallets. Interacting with the pop-up would lead to the approval of a malicious transaction, ultimately draining the victim's MetaMask wallet.

"The real domain (compound[.]finance) now redirects to the scam site. Be careful out there!" he added.

After receiving multiple reports from users, DeFi data aggregator DeFiLlama also confirmed the incident, flagging the compromised Compound website (compound[.]finance) and urging users to exercise caution.

"The official Compound website (compound[.]finance) has been compromised. Please be careful and do not interact with the site until further notice," DeFiLlama warned.

Later on Thursday evening, Compound Security Advisor Michael Lewellen also acknowledged the incident and advised users to avoid interacting with the site until further notice.

"URGENT: The Compound Labs website (compound[.]finance) has been compromised. Please do not visit the website or clink any links until further notice. An update will be provided when available.

This is our final message // end of tweet," Compound Labs stated in its urgent alert.

However, Lewellen assured the community that the Compound protocol itself and all funds secured by its smart contracts remained unaffected and safe.

"Rest assured that the Compound protocol is not compromised and all funds secured by smart contracts are safe," he added.

"The website compromise is a sophisticated phishing attack that involves domain hijacking. Please be vigilant and follow the instructions carefully."

While waiting for an official statement from Compound Labs, users are advised to remain cautious and avoid interacting with the compromised website or clicking on any suspicious links.

An update will be provided as soon as more information becomes available.

The above is the detailed content of DeFi Giant Compound Labs Website Compromised in Sophisticated Phishing Attack. For more information, please follow other related articles on the PHP Chinese website!