Allegations of UI spoofing attacks have once again surfaced in the cryptocurrency ecosystem. According to social media posts, a frontal attack targeting users via the official website of Compound (COMP), a decentralized finance (DeFi) protocol, is underway.
According to the information shared, when users click on the apply button of the Compound Finance domain, they are redirected to another domain. This redirect would lead to a different interface called “Compoond”, which looks visually suspicious. It is stated that this interface may be a phishing attempt to imitate the original application, and users are warned to be careful.
The attack allegations emerged after DeFi protocol Maple Finance also faced a similar fake interface attack last month. Experts say these types of attacks typically aim to steal user funds through wallet connections or transaction confirmations.
On the other hand, the developers emphasize that technical solutions exist against such attacks. They suggest that some tools that make smart contract interfaces more secure and automatically generate secure user interfaces from contract data could be more widely used. It is also known that Vitalik Buterin, co-founder of Ethereum, has already drawn attention to such security approaches.
*This does not constitute investment advice.