Proactive cybersecurity measures prevented hackers from taking over the Ether.fi protocol and siphoning user funds.
DeFi staking protocol Ether.fi let users know their funds were safe amidst a domain takeover attempt orchestrated on September 24. The protocol’s domain registrar, Gandi.net, was at the heart of the attack: the hacker sent a recovery notification via the registrar’s mail to Ether.fi at 4:38 PM UTC. Ether.fi’s team checked “SPF, DKIM and DMARC authentication records for the email” to confirm that the hacker used Gandi’s recovery systems to send the fake mail to the protocol.
Ether.fi contacted the domain registrar through numerous channels to have its account locked and prevent the hacker from gaining access to it. That confirmation came at 19:30 UTC on September 24. “We’re glad to report that all funds are safe, and the attackers at no point presented a compromised dapp on any ether.fi related domain,” the protocol’s X account confirmed. “Users are safe to interact with ether.fi.”
Ether.fi Upgraded Its Security After Witnessing Similar Attacks on Other Protocols
The protocol confirmed that security upgrades to its platform prevented the hacker from getting into it. “In weeks prior, there was an increase in exploitation of similar attack vectors observed with other protocols,” a GitBook post from Ether.fi noted. Observing those attacks, it decided to bolster its security, which proved highly fruitful.
“Thank you to the Seal911 team, Doppel, Ethena and Distrust our security partner – teams that instantly responded and provided assistance as we navigated the dangerous waters today,” the post added. It concluded by mentioning that the attackers did not deploy compromised dApps on any of its domains, thus keeping user funds safe.
Ether.fi also asked users not to interact with its domains or click any associated links. It added that official communications would be relayed on X and Discord, not by email.