Hackers compromised PancakeSwap’s and Cream Finance’s websites yesterday.
The Domain Name Service (DNS) attack modified the affected protocols’ website to display a request for the user’s seed phrase, which, if submitted, would compromise their entire account.
PancakeSwap and Cream urged their users to stay away from their URLs as they scrambled to regain control of their sites and fix the issue.
Security researcher Stefan Tanase explained to The Defiant that, looking at historic DNS data, “the Pankcakeswap website was resolving to a malicious IP.”
The attack highlighted that while a blockchain can be secure, websites which use them as backends can be compromised. As the DNS was the attack vector, companies like Unstoppable Domains which provide decentralized alternatives to the system took the opportunity to offer their services.
PancakeSwap is the most used decentralized exchange on Binance Smart Chain, with $745M in daily volume according to CoinGecko. Cream Finance is an Ethereum-based lending protocol with $200M of value locked according to DeFi Pulse.
Because the attack was not on a smart contract itself it is still unclear how many users the hacker tricked into sending their seed phrase as well as the total amount the attack netted.
Cream’s token value has moved less than 2% at the time of writing and since the hack announcement tweet. Pancake’s fared worse, dropping as much as 8%, but has since recovered.