There’s a lot of buzz around DeFi platforms, and the hackers know that perfectly well. Previously, they hacked directly into the smart contracts to steal the funds, but now they have done something “easier”: hijacking the DNS of the Binance-based protocols PancakeSwap and Cream.
This isn’t a new type of attack, and it isn’t limited to the crypto world. It happens when a hacker manages to hijack the Domain Name System (DNS) of a certain website with nefarious purposes. Basically, DNS is what turns the unique website name (the one you find in the URL) into the address of the server behind it.
So, in a DNS attack, the hacker takes control of that mapping, intercepts the lookups for the site, and automatically redirects the victims to their own malicious webpage(s). In this case, those webpages were phishing (fake) versions of PancakeSwap and Cream. Unaware of it, victims can send funds through these sites (because the URL looks the same) or even believe malicious messages asking for their private keys.
Changpeng Zhao, CEO of Binance, warned about the situation on Twitter. Of course, the PancakeSwap and Cream teams did the same. They recommended not using the platforms until the problem is solved.
A number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness. https://t.co/rG8Ad77nYF
- CZ 🔶 Binance (@cz_binance) March 15, 2021
According to Cream Finance, they have already regained control, but some users may still be affected for a while. Besides, the phishing website is still around under another URL, so caution is advised. In the meantime, PancakeSwap has regained only partial control and is taking care of the issue. No stolen funds have been reported yet.
Beyond PancakeSwap and Cream
Sadly, these kinds of DNS and phishing attacks are pretty common and go far beyond the DeFi ecosystem. We already saw another serious case with MyEtherWallet (MEW) in 2018. The hackers stole its domain and redirected it to a phishing copy of the wallet, in order to ask for the victims’ private keys.
And it worked: thousands of dollars in losses were reported before the MEW team solved the problem. In these cases, the main sign of a trick that you can spot easily is the SSL certificate next to the URL. That’s the domain name in green, along with a small padlock. If it isn’t there, then you shouldn’t use that webpage. Your cryptocurrencies can be stolen there.
Another easy way to protect your funds from these attacks (which go beyond your own devices) is by using a strong VPN. These tools let you bypass the local router settings and create an “encrypted” tunnel with its own DNS resolvers. This means that the DNS attack wouldn’t affect you, because you’d be browsing through a different system.
We should also consider that PancakeSwap and Cream may be only the first ones on these hackers’ list. So, we should be vigilant and prepared when using any DeFi platform.
Featured Image by Hans Braxmeier / Pixabay
Originally published at https://blog.alfa.cash on March 15, 2021.