In a security incident that underscores the challenges facing the nascent decentralized finance (DeFi) sector, Liqwid Labs, a DeFi protocol built on the Cardano blockchain, reported that its Discord server had been hacked.
The company tweeted the news early Wednesday, urging users not to click any links or engage with the server until the issue was resolved.
According to Liqwid Labs, an admin's user token was compromised through a malicious link, effectively bypassing two-factor authentication (2FA) and leading to an account takeover. This incident resulted in the addition of several malicious accounts and spam messages on the server. However, the project stated that it had secured the server, deleted the compromised admin account, and removed all the spam messages and malicious accounts.
In the aftermath of the breach, Liqwid Labs has announced plans to enhance its security measures. The protocol plans to switch to a "cold admin" account dedicated exclusively to server administration and to remove admin privileges from all existing admins' day-to-day user accounts. This change aims to mitigate the risk of similar incidents occurring in the future.
The incident serves as a stark reminder of the vulnerabilities inherent in the rapidly expanding DeFi sector.