Ether.fi Thwarts Domain Takeover Attempt, User Funds Remain Safe

cryptonews.com:

Veronika Rinecker is based in Germany, studied international journalism and media management. She specializes in politics and regulation, energy, blockchain, and fintech. Since 2017, she has been...

Ether.fi, a liquid restaking protocol, narrowly avoided a security scare after attackers attempted to hijack its domain name through its registrar, Gandi.net.

According to a detailed post by Ether.fi, the incident unfolded on Sept. 24 when the team received an email notification from Gandi indicating a domain recovery request. This triggered the protocol’s existing security measures, including verifying email sender authentication (SPF, DKIM, and DMARC), which ultimately alerted them to a potential attack.

Ether.fi contacted Gandi across multiple platforms, leading to a successful lockdown of their domain account by 7:30 PM UTC. This prevented further tampering and ensured the integrity of their nameserver configuration.

“We are in contact with our domain provider and the domain is locked down. Please continue to avoid our site until we have verified everything is working as expected,” Ether.fi said on its social media.

The company’s X post emphasizes that no internal breach has been detected, and user funds remain safe.

On September 24, https://t.co/gbHcksxzp2 experienced a security incident involving our domain registrar, https://t.co/hW50MConP9

We’re glad to report that all funds are safe, and the attackers at no point presented a compromised dapp on any https://t.co/gbHcksxzp2 related…

— ether.fi (@ether_fi) September 25, 2024

Ether.fi credits its proactive approach – including requiring hardware authentication for key platforms – for mitigating the attack and also highlights the importance of domain registrar security practices.