In a significant security alert, crypto investigator ZachXBT has raised alarms about the Compound Finance website, which appears to have been hijacked. On July 11, ZachXBT warned the crypto community via Telegram to steer clear of the site, revealing that it redirects to a newly registered phishing site, posing a severe security risk.
Confirming the breach, a Compound Finance team member echoed ZachXBT’s warnings, advising users to avoid the site to prevent potential losses of personal data and funds. Michael Lewellen, a security advisor at the Compound Finance DAO, confirmed that the URL had been compromised and is hosting a phishing website. Despite this, Lewellen assured users that the protocol remains unaffected and smart contract funds are secure.
This isn’t the first security issue for Compound Finance. In 2023, their official X account was hacked, and hackers used it to promote a phishing website, tricking users with promises of free crypto tokens. The incident was quickly flagged as a scam by cybersecurity experts, and the account was recovered within four hours.
The rise in phishing attacks has been alarming, with significant financial losses in the crypto space. On April 4, CertiK’s CEO and co-founder, Ronghui Gu, urged the community to prepare for such attacks as the market expands. CertiK reported that crypto security incidents resulted in $1.19 billion in losses in the first half of 2024, with nearly $498 million attributed to phishing attacks alone. Gu emphasized the importance of multifactor authentication and enhanced security measures to combat these threats.
As the investigation continues, users are urged to exercise caution and avoid the Compound Finance website until further notice.
Get exclusive insider access to daily market intel reports across web3 –lifetime NFT access.