Puffer Finance Resumes Operations After Smart Contract Pause Amid Domain And Social Media Compromise
In Brief
Puffer Finance temporarily paused its smart contract after a domain and social media breach, assuring users that funds were safe while investigations continue.
Amir Forouzani, Co-Founder of the liquid restaking protocol Puffer Finance, announced that the project’s smart contract had been temporarily paused and was expected to be re-enabled soon following a potential security incident.
According to a statement published earlier on the social media platform X, Amir Forouzani confirmed that the platform had encountered a domain-related issue and advised users to refrain from accessing Puffer Finance applications or interacting with any of its social media channels while the matter was under review.
At the same time, blockchain security firms SlowMist and PeckShield confirmed that Puffer Finance’s official website (puffer[.]fi) and its social media channels had been compromised. Meanwhile, media reports indicated that attackers hijacked the project’s domain and social media accounts between August 10th and August 17th.
After a brief period, however, Amir Forouzani issued an update informing users that all funds remained safe and the system has returned to normal. The X post explained that the smart contract had been paused purely as a precautionary step and would be reactivated shortly.
Despite regaining operational control, the specific details of how the breach occurred—whether through credential theft, administrative missteps, or a deliberate targeted attack—were not disclosed. Whether the platform suffered any deeper consequences remains uncertain.
This incident has led to expectations that Puffer Finance will release further clarification and a more comprehensive report on the breach in the near future. Users and observers remain attentive to potential updates, although no warning reports have surfaced so far, suggesting that users likely did not encounter direct issues.
DNS Hijacking Incidents Target DeFi Platforms, Highlighting Security Risks
The Domain Name System (DNS) is an essential element of the internet that functions in a similar manner to a phone directory. It translates simple and recognizable domain names, such as facebook.com, into numerical IP addresses, like 192.168.1.1, which are required for devices to establish connections. This conversion process allows users to access websites using easy-to-remember names rather than relying on complex sequences of numbers. When a user enters a web address into their browser, the device contacts a DNS server to obtain the associated IP address, thereby ensuring connection to the intended website.
In the case of DNS hijacking, this process is disrupted by malicious actors as they alter the way DNS queries are resolved, which causes users to be redirected to fraudulent websites without being aware of the redirection. Attackers may achieve this by exploiting weaknesses in DNS servers, compromising routers, or accessing accounts held with domain registrars. The primary goal is to manipulate DNS records so that individuals attempting to access a legitimate website are unknowingly redirected to an imitation platform designed to execute harmful code, such as wallet-draining scripts.
Once a website is compromised through DNS hijacking, traffic can be rerouted to a malicious platform without the knowledge of the user which allows fraudulent sites to appear genuine while capturing sensitive data or assets.
Domain hijacking continues to pose a considerable threat in the cryptocurrency sector and several decentralized finance (DeFi) platforms, particularly those using .fi domains, have been targeted in front-end attacks of this nature.
On May 12th, 2025, Curve Finance experienced such an incident when its .fi domain was hijacked at the registrar level. As a result, users were redirected to a phishing site designed to drain wallets. While the back-end smart contracts remained unaffected, the front-end interface was compromised. In response, Curve Finance directed users to curve.finance, initiated a takedown request for the malicious domain, and strengthened registrar-level protections while also investigating decentralized hosting solutions such as ENS or IPFS.
Another case occurred on September 24, 2024, when Ether.fi was the target of an attempted domain account takeover via its registrar, Gandi.net. This attempt was unsuccessful, as preemptive measures including hardware-authenticated recovery systems and collaboration with security experts ensured that the breach was contained without financial impact.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
