Hackers seized 100 abandoned DeFi protocols

Malicious actors are mass intercepting the domains of abandoned DeFi protocols to deceive users and steal their cryptocurrency. This was reported by the cybersecurity company Coinspect.

Hackers use old domains of inactive dapps that are still mentioned on well-known platforms like DeFi Llama and DappRadar or in the news. After interception, cybercriminals inject malicious code and alter the content of the site.

"Unlike typical phishing attacks, there is no need for spam emails or social engineering here. Users can land on a malicious site by clicking a link from an old video or through a DeFi aggregator," experts noted.

Experts have already discovered 100 such domains. Another 475 are at risk.

One example is the blockchain platform Astar Exchange, which held $3.5 million. The platform ceased operations in February 2024, and the project's domain name expired in April 2025.

In July, the Astar domain was re-registered, analysts from Coinspect told DLNews in a comment. On the homepage, the attackers posted a phishing ad offering to withdraw funds from the platform. By clicking on the link from this publication, users lost cryptocurrency.

A similar situation occurred with the projects ADAO, Andromeada, and Ladex Exchange. Experts do not yet know who is behind the attacks. The exact amount stolen is also difficult to assess, as hackers often change wallet addresses.

How to Protect Yourself?

Experts recommend that projects extend their domains even after closure, post warnings about ceasing operations, and notify analytical platforms about this.

Users should:

• check the relevance of links;
• do not sign transactions on suspicious sites;
• use wallets with protection against fraudulent domains

According to experts from Coinspect, the attacks are currently relatively primitive. However, they warned:

"If the attackers complicate the methods (, for example, restore the social networks of the projects ), it will become much harder to detect forgery"

Recall that in January, CertiK experts spoke about the growing threat of phishing.