DeFi protocols PancakeSwap and Cream compromised by phishing

There’s a lot of buzz around DeFi platforms, and the hackers know that perfectly. Previously, they’ve been hacking directly into the smart contracts to steal the funds, but now they did something “easier”. That’s hijacking the DNS of the Binance-based protocols PancakeSwap and Cream.

This isn’t a new type of attack, and it doesn’t limit itself to the crypto-world. It happens when the hacker manages to hijack the Domain Name System (DNS) of a certain website -with nefarious purposes. Basically, the DNS is the unique website name (the one you find in the URL).

So, in a DNS attack, the hacker takes control of it, intercepts the queries (readings) of the site, and redirects the victims automatically to their own malicious webpage(s). In this case, those webpages are phishing (fake) versions of PancakeSwap and Cream. Unaware of it, the victims can send them funds through these sites (because the URL looks the same) or even believe in malicious messages asking for their private keys.

Changpeng Zhao, CEO of Binance, warned about the situation on Twitter. Of course, PancakeSwap and Cream teams did the same. They recommended not using the platforms until the problem is solved.

A number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness.

- CZ 🔶 Binance (@cz_binance) March 15, 2021

According to Cream Finance, they already regained control, but some users may still be affected for a while. Besides, the phishing website is still around with another URL, so, caution is advised. In the meantime, PancakeSwap has regained only partial control and they’re taking care of the issue. No stolen funds were reported yet.

Beyond PancakeSwap and Cream

Sadly, these kinds of DNS and phishing attacks are pretty common and go far beyond the DeFi ecosystem. We already saw another serious case with MyEtherWallet (MEW) in 2018. The hackers stole its domain and redirected it to a phishing website of the wallet, aiming to ask for the victims’ private keys.

And it worked: thousands of dollars in losses were reported before the MEW team solved the problem. In these cases, the main sign of trick you can spot easily is the SSL certificate next to the URL. That’s the domain name in green, along with a small padlock. If it isn’t there, then you shouldn’t use that webpage. Your cryptocurrencies can be stolen there.

Another easy way to protect your funds from these attacks (which go beyond your own devices), is by using a strong VPN. These tools let you bypass the local router settings and create an “encrypted” tunnel with its own DNS resolvers. This means that the DNS attack wouldn’t affect you, because you’d be browsing through a different system.

We should also consider that PancakeSwap and Cream may barely be the first ones on these hackers’ list. So, we should be vigilant and prepared when using any DeFi platform.

Featured Image by Hans Braxmeier / Pixabay

Wanna trade Bitcoin and DeFi tokens? You can do it safely on Alfacash! And not forget we’re talking about this and a lot of other things on our social media.

Twitter * Telegram * Facebook * Instagram * Vkontakte

Originally published at on March 15, 2021.

We are an eight-year-old and duly regulated cryptocurrency exchange. We offer crypto-fíat and non-custodial transactions, and valuable knowledge in our blog.

We are an eight-year-old and duly regulated cryptocurrency exchange. We offer crypto-fíat and non-custodial transactions, and valuable knowledge in our blog.