• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • About us
  • Contact Us
  • Our Team

Blockchain Consultants

Blockchain Transformations Done Here

  • News
  • Subscribe
  • Cryptocurrency Exchange
You are here: Home / blockchain technology / Phishing attack uses PancakeSwap and Cream domains to steal money

Phishing attack uses PancakeSwap and Cream domains to steal money

March 15, 2021 by Blockchain Consultants

Two decentralized finance projects are reportedly being targeted by a DNS spoofing attack. According to reports from Monday morning U.S. time, PancakeSwap and Cream Finance, two projects deployed on Binance Smart Chain, are phishing users into entering their private key on the website.

Cream Finance is inaccessible as of the time of writing, but PancakeSwap still loads correctly and showcases the phishing attempt. Upon trying to connect MetaMask, the page loads a fake window requesting the user to input their private key. This also happens on browsers like Safari, where MetaMask is unavailable. There are almost no occasions when a user should input their seed phrase into a browser app, especially not when interacting with DeFi.

Screenshot from Pancake Swap, taken around 3 PM UTC.

The Cream Finance and the Pancake Swap teams confirmed that the issue is a DNS spoofing attack. The Domain Name Service connects a domain name to an IP address on the web. It appears that the registration for the two services was hijacked to point to an attacker-controlled server. According to ICANN records, the DNS registration was updated for both websites on Monday, shortly before the reports of malicious activity.

The DNS entry was updated on Monday. Source: ICANN

Both websites appear to be registered through GoDaddy. One possible explanation is that the teams’ accounts on the provider were hijacked, allowing the attacker to officially change the DNS routing point for the domains.

Cointelegraph requested comment from Cream Finance but did not immediately receive a response. The story is developing.

Phishing attack uses PancakeSwap and Cream domains to steal money

Source

Filed Under: blockchain technology Tagged With: Binance, Browser, Browsers, Cream Finance, decentralized, Decentralized Finance, DeFi, DNS, domains, finance, hack, MetaMask, money, PancakeSwap, phishing, safari, u.s.

Automatically subscribe for Blockchain Consultants Updates

Footer

Get the latest news delivered weekly. Simple as that.

  • Cryptocurrency Exchange
  • About us
  • ANTI-SPAM POLICY
  • Cookies Policy
  • Digital Millennium Copyright Act (DMCA) Notice
  • Earnings Disclaimer
  • Exchanges
  • Our Team
  • Terms of Use

Copyright © 2021 · Blockchain Consultants LLC · WordPress · Log in