Decentralized cross-chain protocol Frax Finance’s domain was hijacked early Wednesday, and while the site currently points to the correct nameserver and loads the real Frax user interface, it can’t figure out what exactly happened.
«The current nameserver belongs to us and the real Frax UI,» Frax founder Sam Kazemian told CoinDesk. «But since we haven’t heard back from name.com the domain registrar on what caused the original issue, we can’t be 100% sure it’s safe to use frax.finance in case it gets attacked again.»
Domain Name System (DNS) hijacking occurs when the domain name registrar redirects users to a malicious site that looks exactly like the authentic one to phish users into giving up their credentials.
This type of attack is increasingly common in crypto. In 2022, decentralized finance (DeFi) project Convex Finance had to set up new website addresses after its original URLs were taken over and misdirected users to malicious sites.
Name.com did not immediately respond to a request for comment from CoinDesk.
So far no user funds have been stolen by the attacker.
Kazemian said that his team is in the dark about what happened, and it doesn’t seem to be a compromised email or password.
«It doesn’t seem like we did anything wrong at all. So until they tell us the account is secure, it’s not possible for us to say it’s safe,» Kazemian said.