DeFi project DNS hijack attack: PancakeSwap regains access; Cream’s website still compromised

Websites of DeFi projects Cream.Finance and PancakeSwap reportedly came under attack by hackers. According to their tweets, the projects’ DNS had been compromised. Users who visited the websites of both DeFi projects were greeted by a pop-up requesting their seed phrase. While PancakeSwap claims to have regained DNS, Cream Finance appeared to still be compromised at press time.

According to Pancake Swap:

We have regained access to the DNS.

Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.

Will send another update shortly.

Thanks for waiting.

— PancakeSwap ? #BSC (@PancakeSwap) March 15, 2021

Cream.Finance, which is still accessible, displays spoof-like message on its website once the user attempts to connect their wallet: 

Source: Cream.Finance

However, in a tweet, Cream.Finance project stated that the team had purchased and deployed to https://app.creamfinance.co – which has been deemed “safe to use” by the team. 

Earlier, Pancake Swap cautioned users via a tweet that stated: 

This is now confirmed.

DO NOT go to the Pancakeswap site until we confirm it is all clear.

NEVER EVER input your seed phrase or private keys on a website.

We are working on recovery now.

Sorry for the trouble. https://t.co/JN7TXlo9od

— PancakeSwap ? #BSC (@PancakeSwap) March 15, 2021

In addition to alerting its users, teams from both DeFi projects stated that users are not required to enter their private key (the seed phrase) on their websites and stay away from the compromised until the teams are able to fix the issue

Since both projects are based on Binance Smart Chain, CEO of Binance ChangPeng Zhao or ‘CZ’ quickly addressed the situation. He told his Twitter followers that “a number of DeFi projects are under DNS hijack attack.” He specifically mentioned Pancake and Cream, and urged users to be careful and “not use them until they recover the situation.”