Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms
2024-07-15 13:45

Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year.

According to the researchers' report, Squarespace pre-registered a bunch of email addresses it thought would be useful to have set up as domain admins following the migration without checking if the email accounts existed.

The two categories of email addresses it selected for this included the address linked to the original Google Domains account and any contributor addresses associated with that domain.

The attacks are said to unfold when the crims guess one of the pre-registered admin email addresses, register the account for themselves, and then use it to gain admin access and change DNS record data.

Once the crims gained access to a Squarespace admin account, they were able to register themselves as Workspace admins too, the report claims.

The most talked-about cases have all now been resolved, according to Compound Labs, Unstoppable Domains, Celer, and Pendle, who all confirmed they detected malicious activity on their Squarespace accounts.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/15/squarespace_fingered_for_dns_hijackings/