Decentralized finance giant Compound Finance's frontend was compromised earlier on Thursday and now hosts a phishing site, developers said in an X post . Shortly afterward, blockchain project Celer's developers said the site was hit by a malicious actor as well, and hosts a draining service.
"We are investigating a potential DNS domain attack that seems to be hitting multiple projects at the same time," Celer developers said in an X post .
The compound(.)finance site leads to the "compound-finance.app" as of European morning hours Thursday.
Security researcher Michael Lewellen noted that the latter is a draining tool that will empty funds if a user interacts with it. As such, the actual Compound protocol remains unaffected, and all existing user deposits are safe.
Compound allows users to deposit, lend and borrow tokens using the Ethereum blockchain. It holds over $2.3 billion worth of assets as of Thursday, making it one of the biggest DeFi services in the industry.
Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. These are a major concern across the cryptocurrency market, with over $104 million stolen from unsuspecting users in the first two months of 2024 alone.
Compound's COMP token prices were little changed in the past 24 hours, CoinGecko data shows.
UPDATE (July 11, 12:30 UTC) : Updates headline and story with Celer network compromise.