Kelp DAO Security Incident Analysis: The attacker impersonated the Kelp team to persuade GoDaddy's customer support to bypass 2-FA verification
ChainCatcher message, the liquidity staking protocol Kelp DAO reviews the previous security incident: On July 22 at 22:30, Kelp's dApp began displaying transactions from malicious wallet activities attempting to steal user funds. The Kelp team responded immediately, locking down the domain name server, restoring ownership access, and resolving the issue.
The attacker impersonated the Kelp team and successfully convinced GoDaddy's customer support to bypass 2-FA. The Kelp team is taking preventive measures, including migrating to another domain registrar and strengthening alerts for abnormal UI behavior. A few users reported losing funds due to UI attacks, and the Kelp team is providing support.
Related tags
ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
