Ether.fi foils domain hijack attempt, credits enhanced security measures

Ether.fi successfully thwarted an attempted domain account takeover on September 24, 2024, involving its domain registrar, Gandi.net. The protocol detailed the incident in a GitHub post on September 25.

The attack involved attempts by attackers to exploit Gandi’s account recovery process to gain control over Ether.fi’s domain. The first sign of the breach occurred at 16:38 UTC when Ether.fi received a recovery notification email from Gandi.

Upon checking the email’s SPF, DKIM, and DMARC records, the team confirmed that the attackers had tried to access their account through Gandi’s legitimate recovery procedures.

Ether.fi quickly contacted Gandi across multiple platforms, and by 19:30 UTC, the account was successfully locked to prevent any further unauthorized access. The team restored its nameserver configurations, and an internal review revealed no breaches within their systems.

Ether.fi stated:

“In light of recent attacks on similar platforms, we had already upgraded security by enforcing hardware authentication across key systems.”

These proactive measures contributed significantly to the security of their infrastructure. The swift response from Gandi, combined with Ether.fi’s security enhancements, effectively prevented unauthorized access to the domain, ensuring the safety of their websites, applications, and email services.

Ether.fi expressed gratitude to its security partners, including Seal911, Doppel, Ethena, and Distrust, for their immediate support during the incident.

The protocol reassured users that all funds remained secure and no malicious decentralized applications (dApps) were deployed. Ether.fi plans to provide additional details about the incident in collaboration with Gandi’s team in the coming days.

Frequently Asked Questions (FAQ) about Ether.fi's Domain Hijack Attempt

1. What incident occurred with Ether.fi on September 24, 2024?
On September 24, 2024, Ether.fi successfully thwarted an attempted domain hijack involving its domain registrar, Gandi.net. The incident was detailed in a GitHub post by Ether.fi on September 25.

2. How did the attempted domain hijack take place?
The attackers attempted to exploit Gandi’s account recovery process to gain control of Ether.fi’s domain. The first indication of the breach was a recovery notification email received by Ether.fi at 16:38 UTC.

3. What steps did Ether.fi take to address the situation?
Upon receiving the recovery email, Ether.fi checked the email’s SPF, DKIM, and DMARC records, confirming the attack attempt. The team quickly contacted Gandi through multiple channels, and by 19:30 UTC, they successfully locked the account to prevent further unauthorized access.

4. Were there any breaches within Ether.fi's systems?
An internal review conducted by Ether.fi revealed no breaches within their systems. The team restored their nameserver configurations after securing the account.

5. What security measures did Ether.fi have in place prior to the attack?
In response to recent attacks on similar platforms, Ether.fi had already enhanced their security by enforcing hardware authentication across key systems, which played a significant role in preventing unauthorized access.

6. Who assisted Ether.fi during the incident?
Ether.fi expressed gratitude to its security partners, including Seal911, Doppel, Ethena, and Distrust, for their immediate support during the attempted hijack.

7. Are users' funds safe following the incident?
Yes, Ether.fi reassured its users that all funds remained secure and that no malicious decentralized applications (dApps) were deployed as a result of the attempted hijack.

8. Will Ether.fi provide more information about the incident?
Yes, Ether.fi plans to collaborate with Gandi’s team to provide additional details about the incident in the coming days.

9. What should users do if they have concerns about their accounts?
Users are encouraged to monitor their accounts closely and ensure they have enabled any available security measures, such as two-factor authentication, to enhance their account security.

10. How can users stay informed about future updates from Ether.fi?
Users can stay informed by following Ether.fi’s official communications on their website, social media channels, and GitHub for any updates or announcements related to security and platform developments.