Latest News

Cream Finance and PancakeSwap Undergo DNS Hijack Attack

Cream Finance and PancakeSwap Undergo DNS Hijack Attack
Image by Pete Linforth from Pixabay

DeFi projects developed on BSC (Binance Smart Chain), Cream Finance and PancakeSwap, have experienced a DNS hijack attack. Binance’s CEO Changpeng Zhao took to Twitter to warn about the exploit. DeFi protocol Cream Finance is undergoing its second hack of 2021. However, this time, attackers have targeted the website’s DNS and employed it to request users’ private keys and seed phrases. As per the team, Cream’s smart contracts are safe, but hackers have gained control of the website.

The team contended that some of its users were facing demands for their seed phrases. Additionally, seed phrases help in recovering wallets. The team often cautions that seed phrases should never be shared with third-parties, who would then have access to the user’s wallet. They’re now applying this control to request users’ seed phrases and clear the account of those who fall prey to the trick. 

After launching in July 2020, Cream has been a significant component of the DeFi ecosystem. Their cooperation with Yearn Finance on the Iron Bank Project has been a famous project in the space. Moreover, this is not the first hacking problem witnessed by Cream. Over a month ago, the protocol was exploited, losing $37.5 million to the hackers.

PancakeSwap undergoes similar exploit as Cream Finance

Immediately after that, PancakeSwap informed that they might have also suffered an exploit similar to Cream. They suggested not employing their site until it was confirmed. In a few minutes, PancakeSwap verified that exploiters hijacked their DNS as well. They also indicated to “NEVER EVER input your seed phrase or private keys on a website.” As PancakeSwap is the most comprehensive DeFi platform on BSC (Binance’s Smart Chain), it was only a matter of time before knowing about the attack.

Furthermore, Binance’s CEO Changpeng Zhao then took to Twitter to declare that the attack was taking place. In response to CZ’s tweet, a Twitter user accorded an image of attempting to access the PancakeSwap domain. The picture confers a notice that the connection was not private and that attackers might steal the user’s information through the PancakeSwap domain. Lately, Binance Smart Chain has grown as a serious contender to Ethereum due to its high gas fees. Nevertheless, ongoing security issues may jeopardize that ambition.

Follow BitcoinWorld for the latest updates.

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.