Two Crypto Attacks Expose Domain Hijacking Protection Gaps

Originally published at https://monstadomains.com/blog/domain-hijacking-protection/ Two crypto platforms lost control of their domains in the span of three weeks, and both attacks were technically trivial. HypurrFi had its primary domain hijacked on April 3, 2026, forcing its founder to issue a public warning telling users to stay away from the compromised site. Three weeks earlier, Bonk.fun was hijacked on March 12 – attackers injected a fake terms-of-service prompt that drained connected crypto wallets from users who signed it. In both cases, the underlying blockchain was untouched. The attack hit the domain. If you have not thought seriously about domain hijacking protection, you are one compromised account away from the same outcome. HypurrFi: How DNS Manipulation Broke Domain Hijacking Protection On April 3, 2026, HypurrFi – a decentralised lending and borrowing protocol running on HyperEVM – had its primary domain, hypurr.fi, compromised. Attackers gained control of the DNS recor