The Compound Labs team has warned that the website of the DeFi protocol Compound Finance has been subject to a phishing attack. Users are advised not to interact with the site to avoid losing funds.

Compound Finance security researcher Michael Lewellen confirmed the hack. It was a phishing attack involving a domain takeover. The legitimate URL of the website was compromised and replaced with a phishing site to steal customers’ information and digital assets. When users visit the Compound Finance website, they are redirected to a fraudulent site called complex-finance[.]app.

Lewellen cautioned users against any interaction with the website until further notice. He assured that the Compound Finance decentralized finance protocol remains unaffected and all user funds are safe. Users are also urged to remain vigilant and take comprehensive security measures, including multi-factor authentication, to protect their assets.

Last year, hackers managed to compromise Compound Finance’s social media account X to promote a phishing site, resulting in the loss of about $4.4 million in LINK tokens.

In 2021, the Compound Finance protocol suffered from a bug in the Comptroller contract, which distributes liquidity mining rewards. $22 million worth of COMP tokens were withdrawn from the protocol.