Compound Finance security researcher Michael Lewellen confirmed the hack. It was a phishing attack involving a domain takeover. The legitimate URL of the website was compromised and replaced with a phishing site to steal customers’ information and digital assets. When users visit the Compound Finance website, they are redirected to a fraudulent site called complex-finance[.]app.
Lewellen cautioned users against any interaction with the website until further notice. He assured that the Compound Finance decentralized finance protocol remains unaffected and all user funds are safe. Users are also urged to remain vigilant and take comprehensive security measures, including multi-factor authentication, to protect their assets.
URGENT: The Compound Labs website (compound[.]finance) has been compromised.
Please do not visit the website or click any links until further notice. An update will be provided when available.
This is our final message // end of tweet.
— Compound Labs (@compoundfinance) July 11, 2024
Last year, hackers managed to compromise Compound Finance’s social media account X to promote a phishing site, resulting in the loss of about $4.4 million in LINK tokens.
In 2021, the Compound Finance protocol suffered from a bug in the Comptroller contract, which distributes liquidity mining rewards. $22 million worth of COMP tokens were withdrawn from the protocol.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
