Compound Finance Website Redirected to Phishing Domain — Again
Compound Finance suffered another front-end compromise over the weekend, marking the second time in under two years that attackers have successfully hijacked the lending protocol's public-facing website. The incident joins a growing list of similar attacks targeting DeFi interfaces, including those affecting Maple Finance, OpenEden, and Curvance.
According to a post on Compound's governance forum from the project's security provider, the main website was redirecting visitors to a phishing site hosted on a lookalike domain — stylized as 'compOOnd' — designed to deceive users into connecting wallets or approving malicious transactions. The security team confirmed that all compromised credentials on the affected infrastructure account have since been rotated and the issue has been resolved. Critically, no user fund losses were identified.
How Does This Affect COMP Perpetual Markets?
Front-end exploits of this nature — where the underlying smart contracts remain untouched — typically generate short-term bearish pressure on the affected token's perpetual markets rather than sustained structural damage. Traders should watch for the following dynamics in the wake of this incident:
Sentiment-driven selling can spike funding rates negative on COMP-PERP pairs as short interest builds on centralized derivatives venues. However, since protocol funds were confirmed safe and no on-chain exploit occurred, the catalyst for a prolonged de-leveraging event is limited. As of mid-2025, COMP open interest across major perp exchanges remains relatively thin compared to large-cap assets, meaning even moderate directional flow can produce outsized price moves and trigger cascading liquidations on both sides.
Broader DeFi sentiment is the more significant variable here. Repeated front-end compromises across multiple protocols — Maple Finance, OpenEden, Curvance, and now Compound twice — signal a systemic vulnerability in how DeFi projects manage their web infrastructure. If this narrative gains traction, expect correlated selling pressure across mid-cap DeFi governance tokens with active perp markets, including AAVE, MKR, and CRV.
A History of Operational Failures at Compound
This incident does not occur in isolation. Compound's operational track record over the past several years has been notably problematic for a protocol that once ranked among DeFi's most trusted:
- In July 2024, Compound's front end was compromised alongside several other Squarespace-hosted DeFi domains in a coordinated DNS-level attack.
- In 2022, an upgrade error effectively froze the cETH market — at the time holding over $800 million in assets — for approximately one week while a governance fix was pushed through.
- In 2021, a misconfigured distribution contract resulted in nearly $150 million in excess COMP rewards being erroneously distributed to users.
- In 2024, the Compound DAO drew community scrutiny over conflict-of-interest allegations involving risk management service provider Gauntlet.
The one technical safeguard that limited Sunday's damage: the app.compound.finance subdomain — the interface through which users connect wallets and execute transactions — is served via IPFS. This architecture allowed security providers to independently verify the integrity of the application layer, providing a meaningful layer of protection that the main domain lacked.
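Why an IPFS-served interface can be checked independently, as an added example (not code from Compound or its security provider): a CID embeds the hash of the block it names, so bytes returned by any gateway can be verified against a pinned CID. The sample bytes, the `lookalike.example` host and all function names are constructed for illustration; a real site root is a directory DAG, where the same check applies to each block.

```python
import base64
import hashlib

SHA2_256 = 0x12           # multihash code for sha2-256
RAW, DAG_PB = 0x55, 0x70  # multicodec codes: raw block, UnixFS (dag-pb) node


def _read_varint(buf, pos):
    """Decode one unsigned LEB128 varint; return (value, next_position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos += 1
        if not byte & 0x80:
            return value, pos
        shift += 7


def make_cid(block, codec=RAW):
    """Build the CIDv1 (base32, sha2-256) that names `block`."""
    digest = hashlib.sha256(block).digest()
    raw = bytes([0x01, codec, SHA2_256, len(digest)]) + digest
    return "b" + base64.b32encode(raw).decode().lower().rstrip("=")


def verify_block(cid, block):
    """True only if `block` hashes to the digest embedded in `cid`."""
    if not cid.startswith("b"):
        raise ValueError("only base32 CIDv1 is handled in this example")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    version, pos = _read_varint(raw, 0)
    _codec, pos = _read_varint(raw, pos)
    hash_code, pos = _read_varint(raw, pos)
    length, pos = _read_varint(raw, pos)
    digest = raw[pos:pos + length]
    if version != 1 or hash_code != SHA2_256 or len(digest) != length:
        raise ValueError("unsupported or truncated CID")
    return hashlib.sha256(block).digest() == digest


# Constructed sample: a pinned front-end asset and a tampered copy that an
# untrusted gateway might return for the same CID.
GOOD = b'<script src="app.js"></script>'
BAD = b'<script src="https://lookalike.example/app.js"></script>'
PINNED_CID = make_cid(GOOD)
```

A conventionally hosted domain has no equivalent check: whoever controls the hosting or DNS account decides what bytes a visitor receives.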
AI-Assisted Phishing: A Rising Threat Vector for DeFi Infrastructure
Security researchers have flagged a broader concern underpinning these recurring incidents. The proliferation of AI-assisted tooling is materially lowering the technical barrier for phishing campaigns targeting DeFi front ends. Constructing convincing lookalike domains, automating wallet-draining scripts, and bypassing basic bot-detection layers are all tasks that have become significantly more accessible. For traders with capital deployed in DeFi protocols, this trend warrants ongoing attention as an operational risk factor — separate from smart contract risk — that is not yet fully priced into governance token valuations.
Trading Implications
- COMP perpetual markets may see short-term negative funding rates as sentiment traders position short, but the absence of any on-chain fund loss limits downside conviction.
- Watch for correlated pressure on mid-cap DeFi governance token perps (AAVE, CRV, MKR) if the broader narrative around DeFi front-end vulnerabilities gains momentum.
- Thin open interest in COMP-PERP means liquidation clusters can form quickly on both sides; avoid overleveraged directional bets during the immediate post-incident window.
- IPFS-hosted front ends are increasingly a baseline security expectation — protocols without this architecture may face a growing risk premium in their token valuations.
- Traders should monitor governance forum activity on Compound for any further disclosures; delayed revelations of user losses would be a secondary bearish catalyst.