Attempted Domain Takeover at Ether.fi: What You Need to Know
On September 24, the decentralized finance (DeFi) protocol Ether.fi experienced an attempted takeover of its Gandi.net domain account. The team reported the incident on September 25 via its official GitHub blog.
The Incident Unfolds
The alarm was raised when Ether.fi received an email recovery notification from Gandi at 16:38 UTC, signaling that an unauthorized attempt was made to gain access to their domain. Initial investigations revealed that the attackers were leveraging Gandi’s recovery process in an attempt to seize control.
Swift Response and Mitigation
Upon confirming the legitimacy of the recovery email through SPF, DKIM, and DMARC checks, Ether.fi acted quickly:
- They engaged with Gandi across various channels to address the threat.
- By 19:30 UTC, Ether.fi successfully locked the account to prevent unauthorized access.
- The team diligently reviewed their internal systems, finding no indications of a breach.
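One way to automate the SPF, DKIM, and DMARC confirmation described above, as an added example that is not Ether.fi's or Gandi's own code. The domains `registrar.example` and `mx.ourcorp.example`, the sample message, and all function names are constructed assumptions; the check trusts only the Authentication-Results header stamped by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; registrar.example and mx.ourcorp.example are placeholders.
SAMPLE = (
    "Authentication-Results: mx.ourcorp.example;\n"
    " spf=pass (sender IP ok) smtp.mailfrom=bounce.registrar.example;\n"
    " dkim=pass header.d=registrar.example header.s=s1;\n"
    " dmarc=pass header.from=registrar.example\n"
    "From: Registrar Support <support@registrar.example>\n"
    "Subject: Account recovery requested\n\nbody\n"
)

def auth_results(msg, trusted_authserv):
    """Collect (result, props) per method, only from headers our own MX stamped."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop (non-nested) comments.
        value = re.sub(r"\([^)]*\)", " ", " ".join(value.split()))
        authserv, _, rest = value.partition(";")
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue  # a sender can inject this header; ignore foreign authserv-ids
        for clause in rest.split(";"):
            m = re.match(r"\s*(\w+)=(\w+)", clause)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", clause[m.end():]))
                found.setdefault(m.group(1).lower(), []).append((m.group(2).lower(), props))
    return found

def aligned(domain, expected):
    # Simplified relaxed alignment: exact match or a subdomain of the expected domain.
    domain = domain.lower().rstrip(".")
    return domain == expected or domain.endswith("." + expected)

def check_recovery_email(raw, expected_domain, trusted_authserv):
    """Return per-check booleans; treat the mail as genuine only if all are True."""
    msg = message_from_string(raw)
    res = auth_results(msg, trusted_authserv)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    def ok(method, prop):
        return any(r == "pass" and aligned(p.get(prop, ""), expected_domain)
                   for r, p in res.get(method, []))
    return {"from": aligned(from_domain, expected_domain),
            "spf": ok("spf", "smtp.mailfrom"),
            "dkim": ok("dkim", "header.d"),
            "dmarc": ok("dmarc", "header.from")}
```

A passing result shows only that the message came from the registrar's mail infrastructure; it says nothing about who triggered the recovery request.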
Enhanced Security Measures
In response to a rising trend of attacks targeting similar platforms, Ether.fi had already implemented stringent security protocols, including:
- Enforcing hardware authentication for all critical systems.
The proactive measures, coupled with Gandi’s quick action, effectively thwarted the attackers, preserving the security of Ether.fi’s domains, applications, and email services.
Acknowledgments
Ether.fi expressed their gratitude to security partners like Seal911, Doppel, Ethena, and Distrust for their prompt assistance during the incident. The protocol reassured its users that:
“All funds remain safe, and there were no deployments of malicious decentralized applications (dApps).”
In the coming days, Ether.fi plans to provide further updates about the incident in collaboration with Gandi’s team.