Ether.fi, a decentralized finance (DeFi) staking platform, has announced that user funds remain secure following a recent attempt at a domain takeover.
On September 24, the protocol faced an intrusion attempt involving their domain registrar, Gandi.net, but the threat was neutralized before any significant damage occurred. The internal team at Ether.fi confirmed that the attackers were unable to deploy any harmful decentralized application (DApp) on any domain associated with Ether.fi.
Source:
Ether.fi
Related:
Ether.fi set to launch a ‘crypto-native’ credit card on ZK-rollup Scroll
Ether.fi addresses the attack
The breach attempt initiated on September 24 when Ether.fi received a recovery notification email from Gandi.net at 4:38 PM UTC. After thorough verification through the protocol’s security protocols, which included SPF, DKIM, and DMARC authentication records, it became evident that the email was a ruse orchestrated by the attacker.
As outlined in an official Ether.fi summary on Gitbook, the attacker sought to exploit the legitimate recovery process provided by Gandi to gain access to Ether.fi’s account.
In response, Ether.fi swiftly reached out to Gandi through multiple channels, and by 7:30 PM UTC, the staking protocol confirmed that its account had been locked to avert any further unauthorized access.
Related:
Restaking is ‘inevitable,’ but the risks remain unclear — Ether.fi CEO
**Enhanced Security Measures**
Prior to this attempted breach, Ether.fi had already upgraded its security features, effectively acting as a buffer against the domain takeover threat. In a Gitbook post published weeks before the incident, the protocol noted a rise in similar attack vectors affecting other platforms.
In light of these developments, Ether.fi enhanced its key platforms to mandate hardware authentication for account recovery and management tasks. The protocol also expressed gratitude to its security partners, including Seal911, Doppel, Ethena, and Distrust, for their prompt support during the incident.
Related:
Omni Network secures $600M deal with Ether.Fi
**User Communication and Fund Security**
On September 24 at 7:13 PM UTC, Ether.fi utilized social media platform X to advise users against clicking on any links or engaging with their domain. The DeFi protocol emphasized that all official communications would be disseminated exclusively through X or Discord, clearly stating that no messages would be sent via email.
Once the situation was resolved, the team reassured users that “all funds are safe” and that the attackers had been unable to deploy any malicious DApps on any Ether.fi-related domains.
Magazine:
Lady of Crypto will be ‘all out of crypto’ by September 2025: X Hall of Flame