Kelp DAO security incident analysis: Attackers bypass 2-FA verification by impersonating the Kelp team to convince GoDaddy's customer support
On July 29th, the liquidity staking protocol Kelp DAO reviewed its earlier security incident. At 22:30 on July 22nd, Kelp's dApp began to display malicious wallet transactions that attempted to steal user funds. The Kelp team responded immediately, locking down the nameservers, restoring ownership access, and resolving the issue.
By impersonating the Kelp team, the attacker managed to convince GoDaddy's customer support to bypass 2-FA. The Kelp team is taking precautions, including moving to another domain registrar and reinforcing alerts for abnormal UI behavior, among others. A small number of users have reported losing funds due to UI attacks, and the Kelp team is providing support.