QI Quadriga Initiative

Jul 2024 - Unstoppable Domains SquareSpace DNS Hijacking - $0k (Global)

"One Stop Shop for Onchain Domains Own your identity in the digital world." "Unstoppable Domains is on a mission to create user-owned, digital identity for every person on the planet. To accomplish this, we are creating web3 domains that put you back in control of your data. These aren’t just traditional domains, these are domains with superpowers."

"Your Unstoppable domain is your identity for Web3. Use your Unstoppable Domain to build and verify your digital identity, log in seamlessly to applications, games and metaverses, make payments easier by simplifying lengthy crypto wallet addresses, and create and host websites that you fully own.

Unstoppable Domains are minted on the blockchain with zero gas fees. Best of all, once you buy and claim a Web3 domain, it's yours forever — no renewal fees."

"Find your ideal domain from a vast selection of endings that fit both your brand's personality and budget." "Seamlessly secure your domain with credit card or crypto-payments." "Instantly mint your new domain to your personal wallet or choose the UD Vault for enchanced security." "Enjoy complete control over your domain — manage or sell it whenever you choose."

"Unfortunately, many domain contributors never created their Squarespace accounts either because they forgot that they were granted contributor access, or they didn’t expect inaction to have security implications, making it quite easy for a threat actor to beat them to the punch and gain full access to their account."

"Importantly, our backend services, smart contracts and critical infrastructure were unaffected, ensuring your data remains completely safe.

No user data leaks or account compromises occurred, reaffirming our commitment to your security."

"Web3 domain provider Unstoppable Domains stated on Twitter that Unstoppabledomains.com was attacked. Until further notice, please do not open any emails from @unstoppabledomains.com or use the website."

"We actively engaged in a Telegram community with other companies impacted, offering support and sharing insights to help everyone involved.

Our team worked tirelessly to review the situation. Because our backend was completely secure, no data was compromised and your information remains safe."

"We’re pleased to report that our website, http://unstoppabledomains.com, and communications from @unstoppabledomains.com are secure & fully operational.

--> Our team worked tirelessly to prioritize and ensure the safety and security of our users.

--> No user data leaks or account compromises occurred.

--> Soon we will be moving our .com to Unstoppable as a Registrar and tokenizing it to provide an extra level of security and reliability."

"Traditional DNS registrars like @squarespace can face security challenges if compromised. Once we finalize ICANN approval for our registrar license, we’ll transfer and tokenize http://unstoppabledomains.com within our own system. This transition is expected within the next month."

"Once tokenized and onchain, any changes to DNS records or domain transfers will require a wallet signature.

This will enhance security, functionality and protect against attacks."

"No action is required from users at this time. As a best practice we recommend everyone turn on two-factor authentication (2FA).

To further secure your online presence, consider getting your .com domains through Unstoppable in the future.

Tokenizing your domains with us provides extra security and reliability, helping you avoid similar issues and ensuring better protection."

Further Analysis

Unstoppable Domains offers web3-based domain names which serve as an identity for users on the blockchain. On July 11th, Google Domains were acquired by SquareSpace, which set up a transition process whereby users could log in to transfer their accounts to SquareSpace. There was no validation on who owned those accounts, which allowed malicious individuals to claim and hijack popular domain names. These domain names were redirected to phishing sites. This included the Unstoppable Domains domain name.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

Dough Finance ConnectorDeleverageParaswap Vulnerability > > < < Smart Bank Token (SBT) Contract Drained

Sources/Further Reading

SlowMist Hacked - SlowMist Zone (Dec 31)
@unstoppableweb Twitter (Dec 31)
Notion – The all-in-one workspace for your notes, tasks, wikis, and databases. (Dec 31)
Unstoppable Domains — web3 domains for everyone (Dec 31)
About | Unstoppable Domains (Dec 31)
@samczsun Twitter (Dec 31)
Our SquareSpace Domain Was Hijacked! Here’s How Blockchain Can Prevent This From Happening To You | by Matthew Gould | Jul, 2024 | Medium (Dec 31)
@beingando Twitter (Dec 31)
@sandy_carter Twitter (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.