DeFi protocol Steakhouse Financial has reported a sophisticated DNS hijacking attack targeting its web infrastructure via a social engineering breach at OVH Cloud. On March 30, 2026, malicious actors gained unauthorized access to the project's domain management, redirecting the primary website and application subdomains to fraudulent IP addresses. Despite the compromise of the web interface, the team has confirmed that all on-chain smart contracts and vaults remain secure, with no loss of depositor capital reported during the incident.
Social Engineering and Infrastructure Recovery
The breach originated from a phone-based social engineering attack directed at the customer support of OVH Cloud, Steakhouse Financial's service provider. Once inside the account, attackers modified DNS A records and initiated a five-day domain transfer process to seize full control of the web assets. Steakhouse Financial administrators acted quickly to reverse these changes and clear the malicious records.
- The attackers attempted to reroute traffic to phishing sites to steal user credentials.
- All vault functions, including liquidity provision and withdrawals, were unaffected as they reside on the blockchain.
- No other service accounts or internal databases were compromised during the event.
Accessing Funds via Morpho Protocol
While the official frontend remains offline for security validation, the project has informed users that they can still manage their assets through alternative interfaces. Specifically, the vaults are directly accessible through the Morpho protocol, allowing users to execute deposits and withdrawals without relying on the Steakhouse domain. Direct interaction with smart contracts via block explorers also remains a viable option for experienced users.
All vaults and contracts remain unaffected, depositor funds are safe, and no other service accounts have been compromised. Please do not interact with the official website or emails until the issue is resolved.
Steakhouse Financial is currently conducting a comprehensive audit of its security protocols in coordination with OVH. A detailed post-mortem report is expected to be released following the full restoration of the frontend services. Users are advised to exercise caution and avoid any links sent via email or social media that claim to lead to the official platform until a formal confirmation of restoration is issued.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.