OpenEden suffers DNS hijack amid domain registrar shift

TLDR

• Avoid openeden.com and portal.openeden.com; DNS hijack led to phishing.
• Avoid connecting wallets or signing messages; lookalike portals can steal assets.
• Reserves reportedly verifiable via Chainlink Proof-of-Reserve, but front-ends unsafe.

OpenEden’s primary domains currently present a security risk after a DNS hijacking incident redirected traffic to phishing front-ends, as reported by CryptoRank. Users face potential asset loss if they connect wallets or sign messages on lookalike portals. The incident remains under investigation and safe access has not been confirmed.

The immediate exposure is to end users, not necessarily to on-chain reserves. The report notes that reserve assets are said to be verifiable via Chainlink Proof-of-Reserve, while front-end interactions on spoofed sites remain unsafe. Until official restoration is confirmed, any wallet connection or signature on the affected URLs could be exploited.

OpenEden DNS attack: what happened and why it matters

DNS hijacking replaces legitimate domain records so traffic resolves to attacker-controlled infrastructure. In Web3, this typically yields a fake interface that prompts wallet connections, transaction approvals, or signature requests. Unsuspecting users can authorize malicious contracts or approvals that drain assets.

This matters because a compromised front-end can coerce users into granting permissions without altering underlying custody or protocol logic. Independent checks like Chainlink Proof-of-Reserve can help verify backing of reserves, but they do not protect against user-side approvals on phishing pages.

OpenEden said in a public warning on X: “It appears that the DNS for both openeden.com and portal.openeden.com is compromised. Do NOT interact with them.”

In July 2024, several DeFi projects reported DNS hijacks amid the migration of domains from Google Domains to Squarespace, where weakened account protections reportedly played a role, according to The Block. That prior wave illustrates how registrar changes can coincide with elevated risk windows for credential or DNS record takeover.

Experts highlighted that missing or degraded multi-factor authentication during such migrations can make registrar accounts easier to compromise, as reported by Cointelegraph. Industry commentary has also pointed to cryptographic controls and multi-party change approvals as ways to harden domain management.

At the time of this writing, EDEN trades near $0.03348 with sentiment flagged as bearish and volatility elevated around 25.92%, based on data from CoinMarketCap. These figures are provided for context only and do not imply any impact from the DNS incident.

Immediate steps to protect funds and wallets

Users should avoid visiting openeden.com and portal.openeden.com and refrain from connecting wallets or signing any messages on sites reached via those domains. Phishing front-ends can present accurate branding while substituting malicious approvals.

If a wallet was connected recently to a spoofed page, it is prudent to review recent transactions and revoke any suspicious token approvals. Pausing interaction until official restoration details are published can reduce exposure.

Reserves can be cross-checked via the Chainlink Proof-of-Reserve feed referenced by the company’s update. Monitoring verified announcements for confirmed safe links and any registrar-related remediation can help limit risk while DNS settings are being secured.