This morning, Compound Finance received reports that the compound.finance website was redirecting users to a phishing site hosted on a lookalike domain (“compOOnd”). The redirect is no longer active.
What was affected
Only compound.finance was affected. app.compound.finance, the primary interface for wallet connections and transactions, was not compromised. app.compound.finance is served via IPFS, allowing us to independently verify its integrity.
Based on onchain analysis, no user loss of funds has been identified.
Our response
Root cause has been identified and unauthorized access has been revoked. All other credentials on the affected infrastructure account have been rotated. A full review of web infrastructure and access controls by Certora, ChainSecurity and zeroShadow is underway to ensure there are no further exposures.
We have notified common blocklist providers including ChainPatrol, SEAL, Etherscan, and Blockaid to flag the malicious domains.
compound.finance should now be safe to use. We continue to monitor as we complete our investigation and infrastructure review.
We appreciate the community’s vigilance in flagging this quickly. A full post-mortem will follow.