Kelp DAO Security Incident Analysis: The attacker impersonated the Kelp team to persuade GoDaddy's customer support to bypass 2-FA verification

ChainCatcher message, the liquidity staking protocol Kelp DAO reviews the previous security incident: On July 22 at 22:30, Kelp's dApp began displaying transactions from malicious wallet activities attempting to steal user funds. The Kelp team responded immediately, locking down the domain name server, restoring ownership access, and resolving the issue.

The attacker impersonated the Kelp team and successfully convinced GoDaddy's customer support to bypass 2-FA. The Kelp team is taking preventive measures, including migrating to another domain registrar and strengthening alerts for abnormal UI behavior. A few users reported losing funds due to UI attacks, and the Kelp team is providing support.