Ether.fi Prevents Domain Takeover, Ensures User Funds Are Safe
Introduction
Ether.fi, a decentralized finance (DeFi) staking protocol, has successfully averted a domain takeover attempt. On September 24, attackers tried to breach their domain account but were stopped before any user funds were compromised.
The Attempted Domain Takeover
Incident Details
On September 24, Ether.fi detected an attempt to take over their domain account via their domain registrar, Gandi.net. The DeFi protocol received a recovery notification email from Gandi.net at 4:38 pm UTC, which, upon verification through strict security measures including “SPF, DKIM, and DMARC authentication records,” was confirmed to be fraudulent.
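The SPF, DKIM, and DMARC verification mentioned above can be checked from the Authentication-Results header that the receiving mail server stamps on a message. The following is an added example, not Ether.fi's or Gandi.net's own code; the sample message, the domain registrar.example, the server name mx.example.org and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every hostname, selector and result below is made up.
SAMPLE = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounce.registrar.example;
 dkim=pass header.d=registrar.example header.s=sel1;
 dmarc=pass header.from=registrar.example
From: Registrar Support <support@registrar.example>
Subject: Account recovery requested

(body omitted)
"""

# Property that names the authenticated domain for each method (RFC 8601).
IDENTITY = {"spf": "smtp.mailfrom", "dkim": "header.d", "dmarc": "header.from"}

def aligned(domain, expected):
    """Relaxed alignment, simplified: same domain or a subdomain of it."""
    domain, expected = domain.lower().rstrip("."), expected.lower()
    return domain == expected or domain.endswith("." + expected)

def check_notification(raw, expected_domain, trusted_authserv):
    """Return per-method verdicts for a message claiming to be from expected_domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    verdict = {"from_ok": aligned(from_domain, expected_domain),
               "spf": False, "dkim": False, "dmarc": False}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(header.split()).split(";")]
        # Ignore results not stamped by our own receiving server: a sender
        # can add Authentication-Results headers of its own.
        if parts[0].lower().split()[:1] != [trusted_authserv]:
            continue
        for part in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)", part)
            if not m:
                continue
            method, result = m.groups()
            props = dict(re.findall(r"([\w.]+)=(\S+)", part))
            ident = props.get(IDENTITY[method], "").rpartition("@")[2]
            if result == "pass" and aligned(ident, expected_domain):
                verdict[method] = True
    # DMARC must pass, backed by at least one aligned SPF or DKIM pass.
    verdict["authentic"] = (verdict["from_ok"] and verdict["dmarc"]
                            and (verdict["spf"] or verdict["dkim"]))
    return verdict
```

A passing result only shows that the message came from the registrar's mail domain; whether the recovery request behind it was legitimate still has to be confirmed with the registrar directly.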
Response to the Attack
Recognizing the threat, Ether.fi immediately contacted Gandi.net through multiple platforms. By 7:30 pm UTC, the domain account was secured to prevent any further tampering. This swift action was crucial in ensuring that the attackers could not present any malicious decentralized applications (DApps) on any Ether.fi-related domain.
Security Measures
Pre-emptive Security Upgrades
Weeks prior to the incident, Ether.fi had already heightened its security measures due to an observed increase in similar attack vectors across other platforms. The protocol hardened its key platforms to require hardware authentication for account recovery and management procedures.
Role of Security Partners
Ether.fi credited its security partners, including Seal911, Doppel, Ethena, and Distrust, for their immediate assistance during the attack. These partners played a significant role in mitigating the threat and securing the domain.
Communication and User Fund Safety
Immediate Actions
At 7:13 pm UTC on September 24, Ether.fi communicated to its users via the social media platform X, advising them not to click on any links or interact with their domain. They emphasized that official communications would be conducted solely through X or Discord, explicitly stating that no communication would come through email.
Assurance of Fund Safety
After resolving the incident, Ether.fi confirmed that all user funds were safe and that the attackers had no opportunity to issue any malicious DApps on any Ether.fi-related domain. This prompt and clear communication helped maintain user trust and confidence in the protocol.
Conclusion
Ether.fi’s proactive approach to security and quick response to the attempted domain takeover ensured that no user funds were compromised. The incident highlights the importance of robust security measures and the role of effective communication in maintaining user trust in the DeFi space.
