- Immediate Action: Upon detecting a domain compromise, Terra executed numerous actions to safeguard the user community and funds.
- Present Status: Terra’s domains remain frozen to prevent further phishing attempts while coordination with the domain registrar continues for swift recovery.
Navigating a Domain Compromise
Blockchain platform Terra, powered by its native cryptocurrency LUNA, recently confronted an unwelcome challenge: a security breach on its primary domain, terra(dot)money. Upon the discovery of the compromise on August 18th, it was deduced that a malicious entity had side-stepped the platform’s two-factor authentication via a SIM swap attack. This notorious technique allows attackers to divert a victim’s phone number to a new SIM card, bypassing many digital defenses.
1/ Update on the terra(dot)money domain issue:
The terra(dot)money domains remain frozen to prevent phishing scams, and we're actively working with the domain registrar to regain access as soon as possible. User funds in @StationWallet are safe.
Attack overview & resources 👇
— Terra 🌍 Powered by LUNA 🌕 (@terra_money) August 24, 2023
Promptly recognizing the threat, Terra’s response was multi-faceted and resolute.
Safeguarding the Terra Community
Without missing a beat, Terra set a course of action to ensure its vast user base remained unaffected and secure. This involved:
- Freezing the compromised domains with the assistance of the domain registrar.
- Implementing updates to the Station web app and browser extensions to counter potential phishing attacks.
- Advising users and partners within the ecosystem to refrain from engaging with the affected terra(dot)money domains.
- Broadcasting alerts and updates to keep users informed and vigilant.
Their endeavors were not in vain. Gratefully, Terra acknowledged that no users, as per their current knowledge, fell victim to the attacker’s phishing schemes prior to the freezing of the affected domains.
An Ongoing Resolution
Terra’s engagement with the domain registrar remains in full swing, endeavoring to regain full control of the compromised terra(dot)money domains. Once achieved, a public announcement will be disseminated to assure users of the domain’s safety.
Until that juncture, users have alternative access points to Terra’s services:
- The Station web app and browser extensions have transitioned to a new safe domain, http://station.money.
- Terra’s Finder block explorer and official documentation are temporarily housed at http://finder.station.money and docs.station.money respectively.
For those seeking further clarity or wishing to share insights related to the incident, Terra encourages joining their official Telegram channel or their Discord community, fostering transparency and open dialogue during this exigent period.
