Hackers have hit decentralized finance (DeFi) platforms PancakeSwap (CAKE) and Cream Finance (CREAM) in simultaneous attacks that sought to compromise users’ private keys.
In a tweet posted Monday morning, Cream Finance revealed that their website had suffered a domain name system (DNS) spoofing attack which tried to trick their users into typing their private seed phrase into a fake MetaMask input box.
“Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on app.cream.finance. DO NOT enter your seed phrase. We will never ask you to submit any private key or seed phrases.”
PancakeSwap also confirmed that its DNS has been compromised. Users are also being required to enter their seed phrase upon trying to connect to MetaMask.
While in the midst of the DNS hijack, both projects implored their users to never enter their private keys or seed phrase to any website as a precautionary measure.
A few hours after reports of the attack surfaced, Cream Finance highlighted that they have regained control of their DNS, as well as both their cream.finance and app.cream.finance websites.
As for PancakeSwap, the project is still working to update its DNS records across the internet.
“Still a couple of areas left. dnschecker.org/#NS/pancakeswa“
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxFeatured Image: Shutterstock/Sergey Nivens