Crypto News

Cream Finance Provides Postmortem Report Of DNS Hijacking

CREAM Finance
Image source:

Long Beach (CoinChapter): Cream Finance was one of many DeFi protocols to fall victim to a DNS hijacking on March 15. The protocol was ultimately able to regain control of its DNS and released a report detailing exactly what happened.

Cream started off the postmortem report by ensuring users their funds were safe and that they had regained control of their DNS. They also thanked the community for their support throughout the issue.

What their investigation found was that their GoDaddy account was compromised, redirecting users to a phishing page. Just five minutes after their website went down, they noticed the phishing page for the first time. Cream then noticed that their GoDaddy login credentials were compromised and they couldn’t log in.

They contacted CoinGecko, CoinMarketCap and imToken to update their website link and put up warning messages about 20 minutes later. Afterwards Cream set up a ‘war room’ to discuss how to recover their DNS before making the announcement about the hijacking on Twitter. That announcement came around 90 minutes after originally discovering the phishing page.

Two alternative websites were put up so users could continue to use Cream and they reclaimed ownership of their DNS just before 1am the following day. From the time the website went down it took the protocol around five hours to reclaim ownership.

Cream Notes That The Hack Only Affected Its Website

Cream noted that the hack affected only its website. Their smart contracts and user funds remained safe throughout the attack. They have also deployed their frontend with IPFS and added that they have full control of ENS record, which will prevent these kinds of attacks in the future.

Cream finance tweet
via twitter @CreamdotFinance

The DeFi protocol also went through its activity log, noting that their Google account was never compromised. It also showed a password reset request sent to attacker’s email address, but no record of email address change. PancakeSwap also confirmed that the same attacker caused their DNS hijacking.

Cream finished their report by reminding users that they would never ask to submit any private key or seed phrases.

How useful was this post?

Click on a star to rate it!

Corey Hansford CoinChapter
Corey Hansford

Corey has been involved in media and writing since graduating from the illustrious Howard University with a degree in Broadcast Journalism. While relatively new to the cryptocurrency world, he has been writing since 2012 with most contributions coming in the sports world on websites such as and Corey is also an avid sports fan who closely follows the Lakers, Cowboys, Dodgers, WWE, and UFC.

Related "DeFi" News

BitTorrent Holds Critical Bullish Support Following Coldstack Partnership
Long Beach (CoinChapter): On Monday a partnership was announced between BitTorrent and Coldstack. The partnership will allow Coldstack to...
Oasis Foundation Partnering With Tidal To Implement DeFi Insurance Platform
Los Angeles (CoinChapter) – The Oasis Foundation announced that decentralized finance (DeFi) insurance and coverage provider Tidal. Will be...
CipherTrace Launches DeFi Compli Using Chainlink
Long Beach (CoinChapter): Cryptocurrency intelligence company CipherTrace is using Chainlink to release CipherTrace DeFi Compli. This is a compliance solution...
PAID Network Announces Investment From Binance
Long Beach (CoinChapter): PAID Network announced that it has received an investment from Binance’s $100 Million DeFi Accelerator Fund....
Cardano To Launch Smart Contracts Soon, Will It Be Biggest Smart Contract Blockchain?
Long Beach (Coinchapter): IOHK CEO Charles Hoskinson announced that the Alonzo testnet could go live as soon as April....
Tendermint Launches $20M Venture Fund To Support Projects On Cosmos Network
Los Angeles (CoinChapter): Tendermint, one of the leading firms behind Cosmos, is launching a $20 million venture fund to...