Ether.fi foils domain hijack attempt, credits enhanced security measures

1 month ago 23616
ARTICLE AD BOX

Ether.fi foils domain hijack attempt, credits enhanced security measures Ether.fi foils domain hijack attempt, credits enhanced security measures Assad Jafri · 30 seconds ago · 1 min read

Early detection and swift action by Ether.fi and Gandi.net mitigated any potential damage from the domain breach attempt.

1 min read

Updated: Sep. 25, 2024 at 7:08 pm UTC

Ether.fi foils domain hijack attempt, credits enhanced security measures

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Receive, Manage & Grow Your Crypto Investments With Brighty

DeFi protocol Ether.fi reported an attempted domain account takeover on Sept. 24 involving its domain registrar, Gandi.net, according to a Sept. 25 github post by the protocol.

According to Ether.fi, the incident saw attackers try to exploit Gandi’s recovery process to gain control of Ether.fi’s domain. The first indication of the breach came at 16:38 UTC when the team received an email recovery notification from Gandi.

After verifying the email’s SPF, DKIM, and DMARC records, the team confirmed that attackers had attempted to access their account by using Gandi’s legitimate recovery flow.

Ether.fi promptly engaged Gandi on multiple platforms, and by 19:30 UTC, the account was successfully locked to prevent further tampering. The company restored its nameserver configurations, and an internal review found no evidence of a breach within its systems.

Ether.fi said:

“In light of recent attacks on similar platforms, we had already upgraded security by enforcing hardware authentication across key systems.”

It further noted that these preventive steps helped secure their infrastructure. Gandi’s rapid response, combined with Ether.fi’s safeguards prevented unauthorized access to the domain and ensured the security of their websites, applications, and email services.

Ether.fi expressed gratitude to its security partners, including Seal911, Doppel, Ethena, and Distrust, who offered immediate assistance during the incident.

The protocol assured users that all funds remained safe and no malicious decentralized applications (dApps) were deployed. It added that it would release additional details about the incident in the coming days in coordination with Gandi’s team.

Mentioned in this article
Read Entire Article