Several organizations, primarily in cryptocurrency and decentralized finance, have fallen victim to domain hijacking incidents after migrating from Google Domains to Squarespace Inc.
The affected domains belonged to former Google Domains customers who had not yet completed account setup with Squarespace after Google announced last year that it was shutting down its domain registration business and moving its customers to Squarespace.
As detailed by Krebs on Security, attackers exploited a weakness in the migration: by signing up for a Squarespace account with the email address associated with a migrated domain whose former Google Domains owner had not yet claimed it, they were given control of that account and, with it, the domain. The flaw was reportedly exploited between July 9 and July 12 against prominent crypto and DeFi entities including Celer Network Foundation Ltd., Compound Labs Inc., Pendle Labs Ltd., and Unstoppable Domains Inc. Some of the hijacked domains were pointed at phishing sites designed to steal cryptocurrency assets and login credentials.
Researchers from MetaMask and Paradigm Operations LP pointed out that Squarespace's migration process did not adequately address the risk posed by email-based sign-ups that required neither multifactor authentication nor strong passwords. Because knowing an administrator's email address was enough, threat actors could simply register accounts under addresses tied to migrated domains and hijack them.
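To make the class of flaw concrete, here is a small model of a registrar "claim your migrated account" flow, written for this article and not taken from Squarespace or any other registrar. The insecure variant hands over an unclaimed migrated account to whoever supplies its admin email address; the hardened variant requires proof of control of that mailbox (a one-time token delivered to it), a minimum password strength, and MFA enrolment before any DNS change. The `Registrar`, `MigratedAccount` and `strong_enough` names, the token scheme and the simulated outbox are all assumptions of this example.

```python
"""Model of a registrar account-claim flow for migrated domains.

Hypothetical example written for this article; it is not Squarespace's code.
The insecure path trusts the e-mail address alone, the hardened path requires
a one-time token that only the real mailbox owner receives.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class MigratedAccount:
    domain: str
    admin_email: str
    claimed: bool = False
    password: str = ""
    mfa_enrolled: bool = False
    nameservers: list = field(default_factory=list)


def strong_enough(pw: str) -> bool:
    """Minimal password policy: length plus some mix of character classes."""
    return len(pw) >= 12 and not pw.isalpha() and not pw.isdigit()


class Registrar:
    def __init__(self, accounts):
        self.accounts = {a.admin_email: a for a in accounts}
        self.pending_tokens = {}  # email -> one-time claim token
        self.outbox = []          # simulated e-mail delivery: (email, token)

    # --- vulnerable variant: e-mail address alone is treated as identity ----
    def claim_insecure(self, email: str, password: str):
        """Anyone who knows the admin e-mail of an unclaimed migrated account
        can set its password and take it over; nothing proves they own it."""
        acct = self.accounts.get(email)
        if acct is None or acct.claimed:
            return None
        acct.password = password
        acct.claimed = True
        return acct  # caller now controls the domain

    # --- hardened variant: prove mailbox control, enforce password policy ---
    def start_claim_secure(self, email: str) -> bool:
        acct = self.accounts.get(email)
        if acct is None or acct.claimed:
            return False
        token = secrets.token_urlsafe(32)
        self.pending_tokens[email] = token
        self.outbox.append((email, token))  # reaches only the real mailbox
        return True

    def finish_claim_secure(self, email: str, token: str, password: str):
        expected = self.pending_tokens.get(email)
        if expected is None or not hmac.compare_digest(expected, token):
            return None  # wrong or missing token: no takeover
        if not strong_enough(password):
            return None
        acct = self.accounts[email]
        acct.password = password
        acct.claimed = True
        del self.pending_tokens[email]  # token is single-use
        return acct

    def change_nameservers(self, acct: MigratedAccount, nameservers) -> bool:
        """DNS changes additionally require MFA on the claiming account."""
        if not acct.claimed or not acct.mfa_enrolled:
            raise PermissionError("MFA enrolment required before DNS changes")
        acct.nameservers = list(nameservers)
        return True


if __name__ == "__main__":
    victim = "admin@example.org"  # constructed sample data
    weak = Registrar([MigratedAccount("example.org", victim)])
    print("insecure claim by attacker:", weak.claim_insecure(victim, "pw") is not None)
    strong = Registrar([MigratedAccount("example.org", victim)])
    print("hardened claim without token:",
          strong.finish_claim_secure(victim, "guess", "not-the-real-token-1") is not None)
```

The point of the hardened path is not the token format but where trust comes from: the registrar only learns that the caller controls the mailbox when the token that went to that mailbox comes back, and even then a DNS change waits for MFA.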
While some affected companies managed to regain control of their domains, concerns about Squarespace’s security practices remain. SC Media reported that both Celer and Pendle successfully recovered their domains, with Pendle emphasizing that no cryptocurrency assets were compromised during the incident.
This security lapse underscores the importance of robust security measures in domain management and migration processes, and it has prompted discussions about alternatives for affected Squarespace customers. For domain owners, the immediate checks are to claim any migrated account before someone else does, enable multifactor authentication on it, and confirm that the domain's nameserver and DNS records still match what is expected.