Hackers attacked 100 abandoned DeFi projects

Coinspect reported a series of attacks on the decentralized application ecosystem. Hackers hijacked the domains of more than 100 abandoned DeFi projects and embedded phishing traps on the sites. Unlike conventional schemes, the attacks don’t require mailings – users get to malicious resources by clicking on old links in aggregators, news or videos.

According to the researchers, at least 475 other domains are at risk. An example is Astar Exchange, once a blockchain platform with $3.5 million in assets. After it closed in February 2024, the domain expired and was hijacked by attackers in July. They posted a fake withdrawal ad, causing users to lose cryptocurrency.

Similar schemes have also been recorded on ADAO, Andromeada and Ladex Exchange. The total amount stolen is still unknown – the attackers’ addresses change frequently, and the nature of the attacks remains relatively undetectable.

Coinspect notes that the current methods are rather primitive, but warns: if hackers restore the former social media projects, it will become extremely difficult to distinguish fakes.

Analysts advise developers to renew domains even after the shutdown, post notifications about the shutdown and inform aggregators about it. Users are advised to be attentive to the sources of links, avoid unconfirmed transactions and use wallets with anti-phishing functions.

CertiK has previously reported an increase in phishing attacks in the crypto space, especially amid decreased auditor activity and user disorientation.