Multiple DeFi protocols listed on the Binance Smart Chain have reportedly experienced a DNS breach from a third party. Among the protocols were Pancake Swap and Cream Finance.Multiple DeFi protocols listed on the Binance Smart Chain have reportedly experienced a DNS breach from a third party. Among the protocols were Pancake Swap and Cream Finance.
Binance CEO Changpeng Zhao asked traders to stay away from the breached protocols until the risk has been taken care of. “A number of DeFi projects are under DNS hijack attack,” Zhao said in a tweet. “Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness.”
The first to report the breach was Cream Finance where hackers posted seed phrase requests. Afterwards the Cream Finance official Twitter urged its users to avoid using their platform and never reveal their seed phrase.
“Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on http://app.cream.finance. DO NOT enter your seed phrase. We will never ask you to submit any private key or seed phrases.”
Pancake Swap and Cream Finance Urged User Not To Use Site
Not long after, Pancake Swap confirmed that they had also been hacked and, much like Cream, urged its users not to use the site. “This is now confirmed,” Pancake Swap said on its official Twitter page. “DO NOT go to the Pancakeswap site until we confirm it is all clear. NEVER EVER input your seed phrase or private keys on a website. We are working on recovery now. Sorry for the trouble.”
Binance Smart Chain has gained a lot of traction in the past couple of months from Ethereum traders and the Defi ecosystem. People began projecting it as the next Ethereum killer, but with the surge in popularity came a target from scammers and hijackers.
Just a couple of weeks ago, Meerkat Finance allegedly rug-pulled $32 million of tokens just one day after listing. Binance has also faced plenty of scrutiny for OM protocol listing because the founders have an alleged fraudulent past.
Both Cream and Pancake Swap have since regained access to its DNS post-breach. They did both warn however, that some users may still be affected depending on their DNS resolution.