DNS Hijack Hits OpenEden, Putting User Funds in Immediate Danger

  • Published: February 16, 2026
  • 4:47 pm
  • Updated: February 16, 2026
  • 4:47 pm
DNS Hijack Hits OpenEden, Putting User Funds in Immediate Danger
Table of Contents

TL;DR

  • OpenEden warned that its DNS was compromised and users may be redirected to a fake portal that steals assets when a wallet is connected.
  • Reserves remain intact and verifiable through the Chainlink Proof of Reserve. Smart contracts were not modified.
  • Similar attacks affected Aerodrome Finance and Curve Finance last year. The company did not provide a date to safely restore its services.

OpenEden reported that the DNS system for the domains openeden.com and portal.openeden.com was compromised. The company warned that accessing them through web browsers may lead users to a fake site and result in asset loss if a wallet is connected. The team issued an alert and asked users not to interact with those addresses while the incident is under investigation.

The platform stated that its reserve assets remain secure and can be verified through the Chainlink Proof of Reserve system. The incident did not affect the smart contracts or the actual custody. The risk appears if a user enters the compromised portal and signs transactions within the manipulated interface.

openeden hack

OpenEden has operated since 2022 in Singapore as an institutional manager of tokenized real-world assets. The company issues the TBILL token, which provides exposure to U.S. Treasury bills backed by securities held in segregated accounts. The platform serves professional investors, DAO treasuries, and companies. The fund received A ratings from Moodyā€™s and AA+ from S&P Global Ratings.

OpenEden Did Not Say When Services Will Be Restored

The attack relies on manipulation of the domain name system. Attackers alter records and redirect traffic to servers under their control. A user types the legitimate address, reaches an identical copy of the site, and connects a wallet. The page requests transaction signatures that appear normal but authorize token transfers to attacker addresses.

openeden post

In November 2025, Aerodrome Finance had its domain taken over and a fraudulent site enabled the theft of ETH, USDC, and other assets from many users. In May 2025, Curve Finance experienced an intrusion at its domain registrar and migrated to an alternative address while recommending access through ENS.

OpenEden did not detail the method used to gain control of the DNS or identify the attacker or attackers involved. The company also did not provide a date to restore secure access to the domains

RELATED POSTS

Ads

Follow us on Social Networks

Facebook X-twitter Telegram Tiktok Linkedin
Follow Google News

Crypto Tutorials

Tutorials (Basic Level)
Tutorials (Medium Level)
Tutorials (Advanced Level)

Crypto Reviews

Wallets Crypto
Crypto Exchanges (CEX/DEX)
Cryptos A - D
Cryptos E - N
Cryptos O - Z

MOST VIEWED

PRICE PREDICTIONS

CRYPTO 101

We were unable to validate your subscription.
Your subscription has been made.

Crypto Economy Newsletter

Contact US
Facebook X-twitter Telegram Linkedin-in Tiktok

Ā© Crypto Economy

Ā Privacy Policy Ā  | Ā Publication Policy
Ā Ethical Journalism PoliticĀ 
Ā Cookie Policy | Contest Rules | Partners | About us