Renowned cryptocurrency investigator ZachXBT has issued an urgent warning, advising users to avoid the Compound Finance website, which appears to have been compromised.

Security Alert Issued on July 11

On July 11, ZachXBT disseminated a critical alert via Telegram, cautioning the crypto community to steer clear of the Compound Finance website temporarily. According to his investigation, the website is currently redirecting users to a newly registered phishing site, presenting a significant security threat.

Official Confirmation and Advisory from Compound Finance Team

In a swift response, a representative from the Compound Finance team corroborated the breach, advising users to abstain from interacting with the site to safeguard their personal data and funds from potential compromise.

Michael Lewellen, a security adviser at the Compound Finance DAO, provided further insights, confirming that the URL had indeed been compromised and was hosting a phishing site. Despite the alarming situation, Lewellen reassured users that the core protocol remains unaffected and that the smart contract funds are secure. Nevertheless, he strongly recommended avoiding any interaction with the compromised site.

Awaiting Official Response

Cointelegraph reached out to the Compound Labs team for an official comment on the breach but has not yet received a response.

Historical Context: Compound Finance’s X Account Hack in 2023

This is not the first security incident for Compound Finance. In 2023, the decentralized finance (DeFi) protocol’s official X account fell victim to hackers. Similar to the recent breach, the attackers exploited the social media platform to propagate a phishing website.

During the 2023 attack, the compromised account promoted an advertisement for free crypto tokens, enticing users to click a link that mimicked the protocol’s official site. This phishing attempt was swiftly identified and flagged as a scam.

Cybersecurity experts, including Officer’s Notes and blockchain security platform Scam Sniffer, confirmed that the account had disseminated phishing links. The Compound Labs team later confirmed that the account had been compromised for four hours before they regained control and removed the malicious posts.