Hackers target Pancakeswap in DNS hijack attack, currently harvesting private keys – Hackers on Monday targeted some defi projects using a DNS hijack attack, a DNS hijacking or User Redirection Attack is a common type of Domain server breach that targets a vulnerability in the stability of a network’s domain server system. It could be an attack on the DNS infrastructure itself, making it unavailable, or subverting the website’s users to go to an alternative destination.
Top among victims of the attack is https://app.cream.finance/ which is currently harvesting seed phrases and private keys of users; Binance smart chain’s Pancakeswap is also a victim of the attack.
Confirming the hack, CEO of number one exchange, Binance CZ tweeted; “a number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness”.
In a firm warning, PancakeSwap cautioned users: “this is now confirmed. DO NOT go to the Pancakeswap site until we confirm it is all clear. NEVER EVER input your seed phrase or private keys on a website. We are working on recovery now. Sorry for the trouble”
Investing in DeFi protocols can be extremely risky, since they are prone to hacks—half of all crypto-related hacks in 2020 targeted DeFi, according to the blockchain data company Chainalysis.
There’s no sign of that slowing down in 2021: last week, a decentralized exchange called Dodo was hacked for nearly $4 million.
Just yesterday, Financial Watch reported how over $5M was lost to an exploit when someone sold a huge amount of social tokens issued on Roll platform, as a result, an attacker earned almost 3k ETH ($5.7M), of which 700 have already been sent to Tornado Cash and Most of social token prices dumped as a result.
Affected tokens include: – Whale, Mork, Julien, Cherry, Fwb, Karma, Alex, Kerman, Skull, Hue, and First.
This post was last modified on March 15, 2021 5:32 PM