A DNS spoofing attack has reportedly targeted two decentralized finance (DeFi) projects. According to a report today, the websites of PancakeSwap and Cream Finance, two DeFi projects deployed on Binance Smart Chain, are phishing users into entering their private keys.
According to tweets from the two projects, the hijackers are asking users to enter a 12-digit seed phrase, unique to each cryptocurrency wallet, to steal money from investor accounts.
When a user tries to connect to MetaMask, the page loads a fake window asking for their private key. This also happens in browsers like Safari, where MetaMask is not available. There are almost no occasions when a user should input their seed phrase into a browser app, especially not for interacting with DeFi.
The Cream Finance and PancakeSwap teams have confirmed that this issue is a DNS spoofing attack. The Domain Name System (DNS) associates domain names with IP addresses on the web. It appears that the DNS entries for these two services were hijacked to point to a server controlled by the attacker.
Both sites appear to be registered through GoDaddy. One possible explanation is that the provider was compromised, allowing the attacker to change where the domains' DNS records point.
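As an added example (not from the original report or from either project), the following sketch shows how a site operator could detect this kind of redirection by comparing observed DNS answers against a pinned known-good baseline. The domain name, name servers, documentation-range IP addresses and observation timestamps are all constructed for illustration.

```python
from dataclasses import dataclass

# Known-good records pinned by the operator (hypothetical domain, documentation IPs).
BASELINE = {
    "app.defi-example.test": {
        "A": {"192.0.2.10", "192.0.2.11"},
        "NS": {"ns1.dns-host.example.", "ns2.dns-host.example."},
    },
}

# Constructed resolver observations: (timestamp, domain, record type, value).
OBSERVATIONS = [
    ("2030-01-01T10:00Z", "app.defi-example.test", "NS", "ns1.dns-host.example."),
    ("2030-01-01T10:00Z", "app.defi-example.test", "A", "192.0.2.10"),
    ("2030-01-01T11:00Z", "app.defi-example.test", "NS", "NS2.DNS-HOST.EXAMPLE"),
    ("2030-01-01T11:00Z", "app.defi-example.test", "A", "203.0.113.77"),
    ("2030-01-01T12:00Z", "app.defi-example.test", "NS", "ns1.parked.example."),
]


@dataclass(frozen=True)
class Alert:
    when: str
    domain: str
    rtype: str
    value: str
    severity: str


def normalize(rtype, value):
    """Lower-case the value; give NS host names a trailing dot so spellings compare equal."""
    value = value.strip().lower()
    if rtype == "NS" and not value.endswith("."):
        value += "."
    return value


def find_drift(baseline, observations):
    """Return an Alert for each observed record that is absent from the pinned baseline."""
    alerts = []
    for when, domain, rtype, value in observations:
        pinned = baseline.get(domain.lower(), {}).get(rtype)
        if pinned is None:
            continue  # nothing pinned for this name and type
        value = normalize(rtype, value)
        if value not in {normalize(rtype, p) for p in pinned}:
            # An NS change means the delegation moved, i.e. a registrar-level change.
            severity = "critical" if rtype == "NS" else "high"
            alerts.append(Alert(when, domain, rtype, value, severity))
    return alerts
```

In practice the observations would come from periodic queries against several independent resolvers, and an alert would trigger a check of the registrar account before users are told the site is safe.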
Cream and PancakeSwap urge users to stay away from the applications until the hijacking problem is resolved.
Exploits on DeFi Projects Might Not End Soon
As DeFi continues to thrive, remember that some criminals in the crypto space are trying to exploit protocols. If they succeed, they can scam people out of their hard-earned money.
You should never reveal your seed phrase to anyone. Also, employing appropriate security measures will help safeguard your cryptocurrencies.