Allegations of UI spoofing attacks have once again surfaced in the cryptocurrency ecosystem. According to social media posts, a front-end attack targeting users through the official website of Compound (COMP), a decentralized finance (DeFi) protocol, is allegedly ongoing.
According to the shared information, when users click the application button on the Compound Finance domain, they are redirected to a different domain. This redirection reportedly leads to a different interface called “Compoond,” which looks suspicious visually. It is stated that this interface may be a phishing attempt mimicking the original application, and users are warned to be cautious.
The attack allegations emerged after the DeFi protocol Maple Finance also faced a similar fake interface attack last month. Experts say that these types of attacks usually aim to steal users’ funds through wallet connections or transaction confirmations.
On the other hand, developers point out that technical solutions exist against such attacks. They suggest that some tools that make smart contract interfaces more secure and automatically generate secure user interfaces from contract data could become more widely used. It is also known that Ethereum co-founder Vitalik Buterin has previously drawn attention to such security approaches.
*This is not investment advice.