Decentralized finance giant Compound Finance’s frontend was compromised earlier on Thursday, leading to a phishing attack on its platform. Phishing attacks involve sending fraudulent communications that appear to be from a reputable source, aiming to deceive users into revealing sensitive information.
The phishing incident occurred when the official compound(.)finance site was redirected to a phishing site named “compound-finance.app.” This phishing site, identified by security researcher Michael Lewellen, acts as a draining tool designed to empty funds from unsuspecting users who interact with it. However, it’s important to note that the actual Compound protocol remains secure, and all user deposits are safe.
Compound Finance is a popular decentralized finance protocol that enables users to deposit, lend, and borrow various tokens using the Ethereum blockchain. With over $2.3 billion worth of assets locked in the protocol as of Thursday, Compound Finance is considered one of the largest DeFi services in the industry.
Phishing attacks are a significant concern in the cryptocurrency market, with millions of dollars being stolen from users through fraudulent schemes. In the first two months of 2024 alone, over $104 million was reported as stolen due to phishing attacks.
Despite the phishing incident, Compound’s governance token COMP prices remained relatively stable in the past 24 hours, according to data from CoinGecko. This stability reflects the resilience of the Compound protocol and the trust of the community in the platform’s security measures.