According to BlockBeats, on July 29, Kelp DAO, a liquidity staking protocol, reviewed a recent security incident. On July 22 at 22:30, Kelp's dApp detected malicious wallet activity attempting to steal user funds. The Kelp team responded immediately by locking the domain server, restoring ownership access, and resolving the issue.
The attackers impersonated the Kelp team and successfully convinced GoDaddy customer support to bypass two-factor authentication. In response, the Kelp team is taking preventive measures, including moving to a different domain registrar and enhancing alerts for abnormal UI behavior. A few users reported losing funds due to the UI attack, and the Kelp team is providing support to those affected.