Key Highlights
- Neutrl users risk losing funds after a suspected DNS attack redirected the platform’s website.
- DNS hijacks put wallets and email access at risk, making domain security crucial for Web3.
- Past attacks like OpenEden and Curve show DNS compromises can cause permanent financial and reputational losses.
Users of DeFi protocol Neutrl are being explicitly warned to stay away from the platform’s frontend following a suspected, highly sophisticated domain name system (DNS) attack. According to posts on X, the team is actively investigating a potential security breach that could put users at risk.
The attack appears to have targeted the company’s DNS provider, letting attackers redirect the website without touching Neutrl’s smart contracts. Until the investigation is complete, users are strongly advised not to interact with the platform.
Neutrl’s team urged users to revoke all Permit2 approvals through revoke.cash and warned against interacting with unknown addresses. “Out of an abundance of caution, please do not interact with the website until further updates are provided,” the protocol posted on X. The team confirmed they are working with 0xGroomLake to investigate and paused smart contracts as a precaution.
Domain security remains critical
DeFi expert YAM warned that securing domain and DNS systems is critical for crypto platforms. “DeFi protocol teams, PLEASE go over your domain and DNS security setup before this happens to you,” YAM posted.
He suggested using trusted registrars like Cloudflare, MarkMonitor, or AWS Route53; locking access with hardware security keys; enabling DNSSEC; and keeping an eye on any domain changes.
DNS doesn’t just control a website—it also handles email. If attackers take over DNS, they can access emails, reset passwords, and potentially take control of wider organizational systems. In traditional apps, mistakes can sometimes be fixed, but on blockchain, transactions are permanent.
This implies that any mistake has the potential to cause irreversible financial loss. Any user whose wallet is connected to a compromised domain is immediately at risk, and the entire protocol is in danger of suffering reputational damage.
Lessons from recent attacks
The Neutrl hack is not the first DeFi protocol hack involving DNS hijacking. In February 2026, the OpenEden protocol was compromised when the attacker hijacked the domain name system of the protocol, affecting both the main website and the user portal.
Although the protocol’s reserve funds were safe, the hack posed a risk to the users’ funds. The protocol, however, assured its users of regular updates as the case unfolded, stating, “Do NOT interact with them.”
Domain name system hijacking has plagued Web3 protocols over the years. In 2022, the Curve Finance protocol lost $575,000 after the frontend of the protocol was compromised. In 2023, the Galxe protocol also suffered a DNS attack and had 1,100 of its users’ wallets drained. In 2024, the Puffer Finance protocol faced DNS hijacking.
Because of these risks, strong domain and DNS security are more important than ever in Web3. Blockchain transactions cannot be reversed, and users connect their wallets directly to platforms, which makes mistakes costly.
Organizations also face wider exposure if DNS is compromised. Users, meanwhile, should regularly check which addresses have access to their wallets and revoke any approvals that seem suspicious to reduce potential losses.
Also Read: OpenClaw Devs Targeted in GitHub Phishing Scam Promising $5K Airdrop
