Decentralized Finance Giant Compound Finance’s Frontend Compromised by Phishing Attack

Earlier today, developers discovered that the frontend of the decentralized finance giant Compound Finance was compromised, leading to a phishing site. Phishing attacks, which involve sending fraudulent communications that appear to be from a reputable source, are a significant concern in the cryptocurrency market, with over $104 million stolen from unsuspecting users in the first two months of 2024.

The official Compound Finance website, compound(.)finance, now redirects users to “compound-finance.app” as of the European morning hours on Thursday. Security researcher Michael Lewellen identified the latter as a draining tool designed to empty funds from users who interact with it. Despite this phishing incident, the actual Compound protocol remains secure, ensuring that all existing user deposits are safe.

Compound Finance enables users to deposit, lend, and borrow tokens using the Ethereum blockchain. With over $2.3 billion worth of assets locked in the protocol as of Thursday, Compound Finance stands as one of the largest decentralized finance platforms in the industry.

The prices of Compound’s COMP token showed little change in the past 24 hours, according to data from CoinGecko.