defirisk.co
rubric v1.7.0

DNS/CDN/frontend hash drift

Compound V3 (Comet)'s assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Two confirmed DNS/frontend attacks in 21 months: (a) Jul 2024: compound.finance DNS hijacked via a Squarespace vulnerability, drainer installed; (b) Mar 2026: compound.finance redirected to the typosquat domain compoond.finance. Both resolved. No active drift as of 2026-04-27. The repeat pattern confirms the highest-priority monitoring requirement.

Detail

Incident 1 (Jul 11, 2024): compound.finance DNS was hijacked via a Squarespace domain migration vulnerability affecting 128 DeFi protocols. A wallet drainer was served from the compound.finance frontend. Compound and Celer Network were among the affected protocols. Resolved. Source: Coindesk 2024-07-11.

Incident 2 (Mar 8, 2026): compound.finance was redirected to compoond.finance (typosquat domain registered approximately March 7, 2026, 1 day prior). The redirect was confirmed and resolved via credential rotation, per comp.xyz SSP security update thread 7675. Source: coinspectator.com 2026-03-08, Protos 2026-03-08.

Under T-09 §4.8 production monitoring, both incidents would have fired a tier-A instant grade-flip. Current posture: no active drift detected as of 2026-04-27. The score is yellow (repeat-confirmed class, persistent elevated risk) rather than green despite no current firing.

Sources

Methodology

Detect whether the hash of the production frontend JS has changed versus the prior published hash, or whether the DNS configuration has changed.
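
One way to implement the check described in this methodology, as an added example that is not defirisk.co's own code: it compares the SHA-256 of each served frontend asset and the observed DNS record sets against a stored baseline. The `detect_drift` function, the asset path, and all baseline values are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample data: bundle bytes, path and DNS values are illustrative
# (documentation ranges), not Compound's real configuration.
BUNDLE_V1 = b"console.log('app build 1');"
BASELINE = {
    "assets": {"/static/js/main.js": hashlib.sha256(BUNDLE_V1).hexdigest()},
    "dns": {"NS": {"ns1.registrar.example."}, "A": {"192.0.2.10"}},
}


def detect_drift(baseline, assets, dns):
    """Compare one observation with the baseline.

    assets maps path -> bytes as served; dns maps record type -> set of values.
    Returns a sorted list of (kind, subject, detail); empty means no drift.
    """
    findings = []
    for path, expected in baseline["assets"].items():
        body = assets.get(path)
        if body is None:
            findings.append(("asset_missing", path, "not served"))
        elif hashlib.sha256(body).hexdigest() != expected:
            findings.append(("asset_hash", path, hashlib.sha256(body).hexdigest()))
    # A script that was never published is drift too.
    for path in sorted(assets.keys() - baseline["assets"].keys()):
        findings.append(("asset_unexpected", path, hashlib.sha256(assets[path]).hexdigest()))
    for rtype in baseline["dns"].keys() | dns.keys():
        expected = set(baseline["dns"].get(rtype, ()))
        observed = set(dns.get(rtype, ()))
        if expected != observed:
            added = ",".join(sorted(observed - expected)) or "-"
            removed = ",".join(sorted(expected - observed)) or "-"
            findings.append(("dns_change", rtype, f"added={added} removed={removed}"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed observation: modified bundle and a swapped nameserver.
    observed_assets = {"/static/js/main.js": BUNDLE_V1 + b"/* extra */"}
    observed_dns = {"NS": {"ns1.other.example."}, "A": {"192.0.2.10"}}
    for finding in detect_drift(BASELINE, observed_assets, observed_dns):
        print(finding)
```

A legitimate deploy also changes the bundle hash, so the baseline has to be updated from the release process for a finding to indicate unexpected change.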


rubric_version: v1.7.0
protocol: compound-v3
factor: RD-F-105
score: yellow
collected_at: 2026-04-28 00:20:50