Two decentralized finance protocols running on BSC, Cream Finance and PancakeSwap, were victims of a DNS hijacking and spoofing attack in which their domains were pointed to malicious interfaces designed to scam and steal from users.

According to reports from both DeFi protocols, a malicious user managed to compromise the security of the two protocols, Cream Finance and PancakeSwap, via the Domain Name System (DNS). The malicious user hijacked and impersonated the real domains of both DeFi projects with malicious interfaces that showed users fake windows within the websites, requesting sensitive information in an attempt to steal their victims' money.

On their Twitter account, the developers of Cream Finance, a DeFi protocol for collateral-free decentralized lending, warned that its DNS had been compromised by an unknown third party, who was asking users to reveal their 12-word seed phrase. In the warning, the protocol developers stated that Cream Finance will never ask any user to reveal their seed phrase, so no one should enter it, or their private key, on the site or send this data through any other channel.

“Our DNS has been compromised by a third party; some users are seeing seed phrase requests on app.cream.finance. DO NOT enter your seed phrase. We will never ask you to send any private key or seed phrase.”

Likewise, the Cream developers warned that PancakeSwap was going through the same situation, and reiterated that users of these protocols should not fall into the scammers' trap or send their keys through any website or chat. PancakeSwap confirmed that its DNS had been hijacked and called on the crypto community not to use the website until the situation was resolved.

At the time of this writing, both Cream Finance and PancakeSwap reported that they had regained full control over their websites, which are now safe to use. 

A phishing scam

Before the teams regained control over their domains, the Cream Finance and PancakeSwap websites under attack were directing users to fake pages asking them to enter their seed phrases and private keys.

PancakeSwap is one of the most widely used DeFi protocols on BSC, the blockchain seeking to become a competitor of Ethereum. When users tried to connect a digital wallet such as MetaMask to this protocol, the website invited them to enter their seed phrase in a box on the right, in a clear attempt at fraud.

DNS Spoofing Attack on PancakeSwap. 

On the app.cream.finance website, the attacker used the same method, inviting users to enter their seed phrases in a window on the right that was displayed when connecting a wallet.

DNS spoofing attack on Cream Finance. 

In both cases, the fake interface showed users a supposed error message telling them they had to provide their seed phrases to continue connecting the desired wallet. So far, there are no known victims who fell into the trap, revealed their seed phrases and private keys, and lost their funds during this attack.

Attacks on DeFi in recent weeks

Over the past two weeks, several DeFi protocols running on BSC and other blockchain networks have been victims of attacks and exploits that have cost users millions of dollars. The latest of these hit the protocol Meerkat Finance, which saw nearly $30 million of its users' deposited funds disappear from one of its vaults. The protocols Furucombo and DODO were also involved in exploits in which they were robbed of nearly $15 million and $3.8 million, respectively.

Other attacks, not reported by this outlet, occurred at Roll, a social token platform that lost over $4.6 million worth of ETH, and at PAID Network, which was also the victim of an exploit in which it lost around $3.6 million worth of ether.

At press time, DeFi protocols hold more than $52 billion in their vaults, according to data from DappRadar, making them the perfect target for fortune-hunting hackers.
