The cryptocurrency space, since its inception, has suffered at the hands of nefarious individuals looking to rob unsuspecting people of their funds. Many crypto platforms and projects have had to close shop or file for bankruptcy following an unprecedented hack.
PancakeSwap, the popular DEX platform built on the recently launched Binance Smart Chain (BSC), and CREAM finance are at the receiving end of a DNS hijack attack.
Attackers Requesting Seed Phrases
CREAM Finance first announced the DNS attack via Twitter. The DeFi platform furthermore disclosed that the attackers were requesting users to input their seed phrases. In response to this, CREAM Finance reiterated the fact that it would never ask anyone for their seed phrase. The company added that users should stay off the platform until the issue is solved.
Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on https://t.co/Hr6S4Fqodo. DO NOT enter your seed phrase.
We will never ask you to submit any private key or seed phrases.
— Cream Finance 🍦 (@CreamdotFinance) March 15, 2021
The DeFi platform also pointed out Binance Smart Chain DEX platform PancakeSwap was suffering from the same issue.
Pancake, via Twitter, has also confirmed the attack. Furthermore, it is also advising users to stay off the platform until the issue has been resolved. PancakeSwap cited that it was better to be safe than sorry. Alongside the announcement, the fast-rising DEX platform also requested that users share the announcement so as to ensure everyone is informed.
This is now confirmed.
DO NOT go to the Pancakeswap site until we confirm it is all clear.
NEVER EVER input your seed phrase or private keys on a website.
We are working on recovery now.
Sorry for the trouble. https://t.co/JN7TXlo9od
— PancakeSwap 🥞 #BSC (@PancakeSwap) March 15, 2021
Both platforms apologized to users for the inconveniences, adding that recovery was currently in progress.
To further alert users of the danger, Coingecko has put up an announcement of the attack.
As of the time of publication, CREAM Finance says everything is back under control. They tweeted, “We have regained control of DNS and everything is back to normal on cream.finance and app.cream.finance […] These sites are now safe to use. Thank you for your patience as we are continue to monitor this situation.”
What Is a DNS Attack?
A DNS attack, simply put, is a strategic attack in which the attacker capitalizes on the vulnerabilities associated with the Domain Name System. The attack involves hijacking a platform’s domain name and seizing communication between the project and its clients. Users are then redirected to a fake site and asked to input their private keys and seed phrases. Despite its huge security shortcomings, the DNS protocol is well-known for its flexibility.
Just last month, CREAM Finance allegedly lost about 130,000 ETH worth approximately $24 million to hackers. Gas fees on Ethereum blockchain have been a major source of concern to yield farmers. Following PancakeSwap’s launch, yield farmers are moving away from Ethereum to the recently launched platform as a hedge against rising gas fees. This move in February propelled PancakeSwap to become the second-largest DEX after Uniswap.
At the time of publication, CREAM was down -3.7% and was trading at $108.05. It also had a market cap of $70,644,173 and a 24-hour trading volume of $4,927,037.
Join us on Telegram to receive free trading signals.
Find out more about the crypto and blockchain space on the Altcoin Buzz YouTube channel.