Kelp DAO security incident analysis: Attackers convinced GoDaddy customer support by impersonating the Kelp team and bypassed 2-FA verification

Odaily News On July 29, the liquidity staking protocol Kelp DAO reviewed previous security incidents: At 22:30 on July 22, Kelps dApp began to show malicious wallet activity transactions in an attempt to steal user funds. The Kelp team responded immediately, locked the domain name server, restored ownership access, and resolved the problem. The attacker successfully convinced GoDaddys customer support to bypass 2-FA by impersonating the Kelp team. The Kelp team is taking preventive measures, including transferring to another domain name registrar and strengthening alerts for abnormal UI behavior. A small number of users have reported losing funds due to UI attacks, and the Kelp team is providing support.