Tue. Aug 9th, 2022

At least two major decentralized finance (DeFi) projects – Pancakeswap (CAKE) and Cream Finance (CREAM) – on Monday, urged their users to stay away from their websites that were hit with so-called DNS-hijacks. (Updated at 16:32 UTC: updates throughout the entire text. Updated on March 16, 05:21 UTC with a comment from Cream Finance.)

Source: Adobe/Negro Elkha

At 16:03 UTC, PancakeSwap said that they regained access to the DNS.

“Some users might still be affected, depending on their DNS resolution as some propagation time may be needed,” they said, promising more updates soon.

Meanwhile, Cream Finance, at 16:16 UTC, said they have purchased and deployed to app.creamfinance.co, claiming that this site is safe to use. Later, they confirmed that they have also regained control of DNS and “everything is back to normal on cream.finance and app.cream.finance” – “these sites are now safe to use.”

“Your funds are only at risk if you enter your private key or seed phrase into the hijacked site,” PancakeSwap said on Monday.

Cream Finance also confirmed that their “DNS has been compromised by a third party; some users are seeing requests for seed phrase on http://app.cream.finance. DO NOT enter your seed phrase.”

“A number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation,” Binance CEO Changpeng Zhao warned.

Leave a Reply

Your email address will not be published.

Pin It on Pinterest