GoDaddy Website Hack Leaves DeFi Protocol ‘SpiritSwap’ Compromised

Multiple DeFi protocols have been compromised after an attack on the world’s biggest domain registrar, GoDaddy. Unconfirmed reports suggest the hacker(s) may have used GoDaddy’s account recovery method to target crypto domains.
SpiritSwap, one of Fantom’s biggest DeFi exchanges, has been left vulnerable as a result:
SpiritSwap Manages to Mitigate Disaster
SpiritSwap managed to quickly take action as the attacker(s) manipulated the swap parameters and were able to take away an amount not exceeding US$18,000. SpiritSwap provided updates stating it had disabled swapping in order to prevent the hackers from stealing further funds and assured users that their contracts and funds were safe, but the domain spiritswap.finance has been compromised. Since the attack, SpiritSwap has suspended all transactions:
Swapped Funds Redirected Across DeFi Protocols
Several crypto projects use GoDaddy to host their domains, and at the time of writing the full extent of the damage was not yet clear. That said, this attack differs from the recent ‘Coinzilla Ad’ hack in which an ad caused a pop-up on sites such as CoinGecko that, when clicked, could drain a user’s wallet. In the case of GoDaddy, the attacker used the hosting platform to redirect swapped funds on DEXes such as QuickSwap and SpiritSwap:
DeFi Scams on the Rise in 2022
DeFi scams are nothing new but are becoming ever more brazen. Here is a recent list of the scams that happened in DeFi this year:
- May 13: Luna Plummets 97% Amid $900 Million in Liquidations
- May 12: DeFi Protocol ‘Fortress Lending’ Exploited for $3 Million
- May 12: Azuki NFTs Collapse 63% Amid Revelations of Founder’s Failed NFT Projects
- May 3: Stablecoin DEX ‘Saddle Finance’ Exploited for $10 Million
- April 27: Bored Ape Yacht Club’s Instagram Compromised in $2.8 Million NFT Scam
- April 26: $34 Million ‘AkuDreams’ NFT Project Locked Permanently by Smart Contract Error
- April 19: Beanstalk Stablecoin Loses $182 Million in Flash Loan Exploit
- April 1: 35 NFTs Stolen in Twitter Phishing Attacks Last Week
- March 5: ‘Smol Brains’ NFTs Worth $1.4 Million Stolen and Then Returned?
- March 1: Users Left Fuming After $70 Million Pixelmon NFT ‘Rug’
- Feb 4: Alert: New Malware ‘Mars Stealer’ Targets 2FAs and Crypto Hot Wallets
- January 22: NFT Rug-Pull for $1.3 Million, ‘Verified’ Project ‘Big Daddy Ape Club’
- January 15: NFT Community Comes Together Amid $1.3 Million Frosties NFT RugPull