On 18th September 2024, we experienced a security incident where a malicious actor briefly gained access to our domain registrar account for ethena.fi. Despite the domain registrar account being secured with a username, a password managed through a secure password manager, and TOTP two-factor authentication, the attacker was able to change the admin email address without authorization, gain access to the account, and temporarily host a phishing website on our domain. Our automated detection systems alerted us of the account access and nameserver change within minutes, and our incident response team acted swiftly to contain the breach. We worked closely with industry partners to block malicious traffic, lock down the domain registrar account, and take down the malicious website within 2 hours.