There’s a lot of buzz around DeFi platforms, and the hackers know that perfectly. Previously, they’ve been hacking directly into the smart contracts to steal the funds, but now they did something “easier”. That’s hijacking the DNS of the Binance-based protocols PancakeSwap and Cream.
This isn’t a new type of attack, and it doesn’t limit itself to the crypto-world. It happens when the hacker manages to hijack the Domain Name System (DNS) of a certain website —with nefarious purposes. Basically, the DNS is the unique website name (the one you find in the URL).
So, in a DNS attack, the hacker takes control of it, intercepts the queries (readings) of the site, and redirects the victims automatically to their own malicious webpage(s). In this case, those webpages are phishing (fake) versions of PancakeSwap and Cream. Unaware of it, the victims can send them funds through these sites (because the URL looks the same) or even believe in malicious messages asking for their private keys.
Changpeng Zhao, CEO of Binance, warned about the situation on Twitter. Of course, PancakeSwap and Cream teams did the same. They recommended not using the platforms until the problem is solved.
According to Cream Finance, they already regained control, but some users may still be affected for a while. Besides, the phishing website is still around with another URL, so, caution is advised. In the meantime, PancakeSwap has regained only partial control and they’re taking care of the issue. No stolen funds were reported yet.
Beyond PancakeSwap and Cream
Sadly, these kinds of DNS and phishing attacks are pretty common and go far beyond the DeFi ecosystem. We already saw another serious case with MyEtherWallet (MEW) in 2018. The hackers stole its domain and redirected it to a phishing website of the walletA crypto wallet is a user-friendly software or hardware used to manage private keys. There are software wallets for desktop... More, aiming to ask for the victims’ private keys.
And it worked: thousands of dollars in losses were reported before the MEW team solved the problem. In these cases, the main sign of trick you can spot easily is the SSL certificate next to the URL. That’s the domain name in green, along with a small padlock. If it isn’t there, then you shouldn’t use that webpage. Your cryptocurrencies can be stolen there.
Another easy way to protect your funds from these attacks (which go beyond your own devices), is by using a strong VPN. These tools let you bypass the local router settings and create an “encrypted” tunnel with its own DNS resolvers. This means that the DNS attack wouldn’t affect you, because you’d be browsing through a different system.
We should also consider that PancakeSwap and Cream may barely be the first ones on these hackers’ list. So, we should be vigilant and prepared when using any DeFi platform.
Featured Image by Hans Braxmeier / Pixabay
Wanna trade BitcoinBitcoin is the first decentralized digital currency. It was created in 2009, by an anonymous founder or group of founders... More and DeFi tokens? You can do it safely on Alfacash! And not forget we’re talking about this and a lot of other things on our social media.
Twitter * Telegram * Facebook * Instagram * Youtube * Vkontakte
English 
العربية 
简体中文 
Čeština 
Nederlands 
Français 
ქართული 
Deutsch 
Ελληνικά 
हिन्दी 
Magyar 
Italiano 
日本語 
한국어 
Norsk bokmål 
Polski 
Português 
Română 
Русский 
Slovenčina 
Español 
Svenska 
Türkçe