On September 18, decentralized finance (DeFi) service provider Ethena Labs fell victim to a domain registrar hack, leading to a front-end breach of its website. In response, Ethena Labs has urged users to avoid interacting with any websites or applications posing as the official Ethena platform until further notice.
According to a statement from Ethena Labs, the domain registrar account was compromised, and the website has been deactivated while the issue is being investigated. However, Ethena Labs assured users that the core blockchain protocol and customer funds remain unaffected by the exploit.
A prominent player in the synthetic dollar market, Ethena issues a collateralized, dollar-pegged token with a supply of $2.6 billion, primarily on the Ethereum blockchain, according to DeFi analytics platform DefiLlama. The breach has raised concerns about user security, prompting swift warnings from both Ethena Labs and cybersecurity firm Blockaid.
Blockaid advised users who had interacted with the Ethena platform during the attack to disconnect their wallets immediately and avoid signing any transactions. Additionally, popular decentralized finance wallet MetaMask flagged the compromised Ethena website as “deceptive,” further advising users to steer clear of the platform until the security issues are resolved.
Despite the breach, Ethena Labs reassured the public that its protocol infrastructure remains secure and that it is actively working to resolve the issue. As of now, attempts to determine how hackers gained access to the website management console have gone unanswered.
For now, users are advised to stay away from the Ethena platform and await further updates.