Bitcoin Forum

Alternate cryptocurrencies => Service Discussion (Altcoins) => Topic started by: Oshosondy on March 16, 2021, 11:18:36 AM



Title: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Oshosondy on March 16, 2021, 11:18:36 AM
There was a phishing attack on two domains, PancakeSwap and Cream. The attack was a Domain Name System (DNS) attack: users will see a display where they can fill in their seed phrase to connect their wallet, and this is used to steal from users who fill in their seed phrase. The domain has been regained, but users should know not to fill in their seed phrase on any site; if filled, attackers will only use it to get into your wallet and send all the coins there to their own wallet.

https://i.imgur.com/GVjoTUr.jpg

Pancake Swap and Cream Finance confirm this on Twitter.

https://i.imgur.com/G1nkAq8.jpg

https://i.imgur.com/yiy1QGB.jpg

https://mobile.twitter.com/StaniKulechov/status/1371470070833164288
https://mobile.twitter.com/CreamdotFinance/status/1371448627663491088?s=20


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Bttzed03 on March 16, 2021, 11:29:40 AM
There is another ongoing phishing attack
Ongoing means the websites are still under the attackers' control, but that's not the case on PancakeSwap anymore.

My posts on related topics:
They have regained access to the DNS since yesterday but some areas weren't ready yet. You can monitor it at https://dnschecker.org/#NS/pancakeswap.finance

~ Pancake swap team were able to regain access but there's another platform (CreamFinance) who failed to do so and were forced to deploy another website.

EDIT: BOTH PLATFORMS HAVE REGAINED ACCESS OF THEIR DNS

Additional references:
We have regained access to the DNS.

Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.

Will send another update shortly.

Thanks for waiting.


We have regained control of DNS and everything is back to normal on http://cream.finance and https://app.cream.finance

These sites are now safe to use.

Thank you for your patience as we continue to monitor this situation.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Oshosondy on March 16, 2021, 11:55:39 AM
I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: MishaSER on March 16, 2021, 01:57:29 PM
Of course I heard the news about PancakeSwap, but I didn't know that Cream was also attacked. By the way, I can't go to both sites; my metamask says that it's not safe. They should probably turn to metamask if they really control their sites.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: logfiles on March 16, 2021, 10:35:02 PM
These kinds of attacks are pretty common during the bull run. In 2017, both Myether wallet and Etherdelta decentralized exchange that were so popular back then suffered DNS hijacks that led to loss of hundreds of USD worth of ERC20 tokens and Ether.

- https://themerkle.com/etherdeltas-dns-hacked-website-replaced-with-hackers-duplicate-to-steal-funds/
- https://cryptocoin.news/videos/breaking-news-myetherwallet-was-hijacked-11475/

People have to be very alert all the time when using such platforms. You can never know when hackers attack.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Baofeng on March 16, 2021, 11:30:01 PM
Yeah, I remember the MyEther attack in 2017, and there was a lot that time.

And currently, I have seen a lot of fake pancakeswap phishing and fake sites. Although it has been taken down already, it will not be the last, and we might see the attacks intensify as pancakeswap is one of the hottest commodities right now.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: codpku on March 17, 2021, 01:24:15 AM
Lucky me to open my Twitter and see the announcement before I opened my pancakeswap, so I hope my money is still safe.
And I hope with this experience pancakeswap can improve their security more so people stay and do not leave pancakeswap.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Kemarit on March 17, 2021, 06:18:19 AM
It was a really sneaky DNS attack. I hope that no user of the two sites has fallen for it and provided their metamask seed. We must always be very careful and always check carefully before accessing, and in any case never with the seed. Luckily the alarm/attack was contained and resolved.

We will never know until someone claims that they have lost their hard-earned money from this kind of sneaky attack. As I have said previously, hackers are always one step ahead of the game for us. They have the tools and the capability to mount this big attack, and for sure they do it because they know they can steal a lot of money here.

So for everyone, we always need to be careful about giving out our seed and mnemonic phrases easily. Check everything first.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: bussybuddy on March 17, 2021, 06:29:55 AM
I've heard about this unfortunate incident, it's really annoying that when I was holding some coins up there, every announcement was alerted as soon as this serious happening. I think things might calm down in the near future, and also some good opportunities for people to be able to buy CAKE at a low price, I also buy myself some CAKE, to be honest. Unwanted attempts to happen in this market sometimes it is not a bad thing but also offers some opportunities.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: MishaSER on March 17, 2021, 07:00:52 AM
I've heard about this unfortunate incident, it's really annoying that when I was holding some coins up there, every announcement was alerted as soon as this serious happening. I think things might calm down in the near future, and also some good opportunities for people to be able to buy CAKE at a low price, I also buy myself some CAKE, to be honest. Unwanted attempts to happen in this market sometimes it is not a bad thing but also offers some opportunities.
To be honest, the price did not drop much; this is a standard chart without any anomalies. Perhaps this news was not significant. Thank God, now everything is available and metamask does not define it as phishing.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: dihari on March 17, 2021, 07:25:03 AM
Reminder
People should be learning every day and fulfill their knowledge about DeFi these days. DeFi is not only a name. Decentralized Finance works like its name, a financial platform where you can get benefits as users without the need of a third party.
It means if you're new to this, always remember when using a defi platform, they'll never ask for your keys! No matter if it's hacked or not.
Your keys/seed is only for you and your wallet. Even metamask doesn't need your keys..


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: dihari on March 17, 2021, 01:30:59 PM
Yes, you are right, but, when connecting to metamask, it requires a seed phrase or keystore file to be able to access your wallet.
Just re-read all the sentences above. A defi platform will never ask for any keys. The only way to connect your wallet with defi platforms like pancake, uni, 1inch is just click "connect" button.
If there's any defi platforms need your keys to connect with them, then it's not defi platform. No matter it is hacked or not, never use them!


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: dhemasm on March 17, 2021, 01:54:35 PM
Yeah, it really made me scared, to be honest. I was buying an ALICE token before on Binance and tried to do some farming on pancakeswap but couldn't open the Pancakeswap website, especially if we want to wrap an LP or do some swap, but it can be solved by using a VPN, and I recommend you guys, if you still insist on farming or unstaking, to use 1.1.1. (From Cloudflare); if not, just wait and check the current status here to see if your provider has already updated the DNS. Check here https://dnschecker.org/#NS/pancakeswap.finance
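
The per-resolver check that the dnschecker.org link above performs can also be done locally. The following is an added example, not part of any post in this thread: it parses `dig +short NS` style output from several resolvers and flags those whose answer differs from the nameserver set the operator has announced. All hostnames and resolver answers are constructed placeholders, not the real PancakeSwap or Cream records.

```python
"""Compare NS answers from several resolvers against an expected set."""

# Assumption: the operator has published its legitimate nameservers.
# These names are placeholders constructed for this example.
EXPECTED_NS = {"ns1.legit-dns.example", "ns2.legit-dns.example"}

# Constructed sample: what `dig +short NS <domain> @<resolver>` might print
# on each resolver while a nameserver change is still propagating.
SAMPLE_ANSWERS = {
    "1.1.1.1": "ns1.legit-dns.example.\nNS2.Legit-DNS.example.\n",
    "8.8.8.8": "ns1.legit-dns.example.\nns2.legit-dns.example.\n",
    "isp-resolver": "ns1.other-dns.example.\nns2.other-dns.example.\n",
    "9.9.9.9": "ns1.legit-dns.example.\nns1.other-dns.example.\n",
    "timed-out": ";; connection timed out; no servers could be reached\n",
}


def parse_ns(dig_output):
    """Normalise dig output: lowercase, drop trailing dot, skip ';' comments."""
    names = set()
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        names.add(line.rstrip(".").lower())
    return names


def classify(observed, expected):
    """Label one resolver's answer relative to the expected NS set."""
    if not observed:
        return "no-answer"
    if observed == expected:
        return "match"
    if observed & expected:
        return "partial"    # mixed set: some expected, some unexpected names
    return "mismatch"       # resolver still serves a different delegation


def audit(answers, expected=EXPECTED_NS):
    """Return {resolver: label} for every resolver queried."""
    return {r: classify(parse_ns(out), expected) for r, out in answers.items()}


def fully_propagated(report):
    """True only when every resolver returned exactly the expected set."""
    return all(label == "match" for label in report.values())


if __name__ == "__main__":
    for resolver, label in audit(SAMPLE_ANSWERS).items():
        print(f"{resolver:14} {label}")
```

A "mismatch" or "partial" result only shows that the resolver's cached delegation differs from the expected set; it does not by itself say which set is the legitimate one, so the expected names must come from the operator's own announcement.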


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: aysg76 on March 17, 2021, 02:23:58 PM
The hackers are always monitoring to find the right time to hack into clients' servers, and immediately they attack the servers with a DoS, DDoS attack which pushes a phishy address or domain matching the actual one and allowing people to deposit funds over that particular address, like the DoS attack in 2017 which compromised the information and funds of many users to an anonymous group of hackers. We need to have a proper security check before withdrawal and deposit of funds. Pancakeswap was under such an attack but it is resolved now, but people are trusting Uniswap as a better option due to security factors.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Review Master on March 17, 2021, 02:48:29 PM
These kinds of attacks are pretty common during the bull run. In 2017, both Myether wallet and Etherdelta decentralized exchange that were so popular back then suffered DNS hijacks that led to loss of hundreds of USD worth of ERC20 tokens and Ether.

People have to be very alert all the time when using such platforms. You can never know when hackers attack.
TBH, all hackers/scammers become active and try everything to scam others whenever a bull run is going on. But this time, the news of the DNS attacks on pancakeswap/cream was spread on every medium like telegram groups/channels and social platforms, which made everyone aware of this situation. Honestly, everyone in this crypto industry since the previous bull run is now well aware of this type of thing, except for those newbies who don't know about this type of thing. But it's true that we never know when hackers will attack as bull season is going on.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: leea-1334 on March 17, 2021, 02:50:52 PM
Just another reminder that it does not matter how secure the technology is (blockchain and cryptography) and it does not matter how secure the platform is (defi and non custodial)... if you have bad users who do not know how to practice simple online safety, then you risk losing your funds anyway.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: makishart on March 17, 2021, 02:53:33 PM
Reminder
People should be learning every day and fulfill their knowledge about DeFi these days. DeFi is not only a name. Decentralized Finance works like its name, a financial platform where you can get benefits as users without the need of a third party.
It means if you're new to this, always remember when using a defi platform, they'll never ask for your keys! No matter if it's hacked or not.
Your keys/seed is only for you and your wallet. Even metamask doesn't need your keys..
Yes, you are right, but, when connecting to metamask, it requires a seed phrase or keystore file to be able to access your wallet.
That's only when you are importing your wallet to metamask, but when you are accessing defi it will need you to give permission for the app to use your metamask without trying to ask about your priv key or seed phrase.
The hacker has been changing this to force the user give their seed phrase and we know that seed phrase can't be changed.
It's not the same as password.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Coyster on March 17, 2021, 05:15:53 PM
Just another reminder that it does not matter how secure the technology is (blockchain and cryptography) and it does not matter how secure the platform is (defi and non custodial)... if you have bad users who do not know how to practice simple online safety, then you risk losing your funds anyway.
As a cryptocurrency user, your safety or protection is on you, and not even on the service used cause people's follies usually comes to haunt them and they lose their funds notwithstanding how protected the service used is, for example, users who use HW wallets and expose their seed phrases to scammers will nonetheless lose their funds, cause that's their folly and the fact that a HW wallet is the safest crypto wallet wouldn't come into play in such situations.

Cryptocurrency users should know what the security protocols inherent in the network are, it's not possible for the more experienced users to protect everyone in the network, with some good research, even newcomers will be knowledgeable on the modus operandi of crypto scammers.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: ahoenk on March 17, 2021, 11:34:32 PM
Be careful of this attack. An attack like this happened in 2017/2018 to etherdelta and a lot of people's ethereum wallet secret keys got stolen. Rule number one: "never give your secret key or passphrase to any website in the world". This attack is only on the pancake DNS.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: Mpamaegbu on March 18, 2021, 03:48:11 AM
I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.
It doesn't stop to amuse me why people would do that — fill in their password or pass phrase on something that exposes them, but refuse to hand over their car keys to total strangers. You're wondering the connection in my analogy with your comment? Both scenarios are the same. They smack of stupidity for folks who do them.

The way the PCS team reacted immediately on the DNS attack further reinforced my confidence in the team, honestly. They were up and doing and constantly updating users on their social media handles on the situation. At first, I didn't know there was an attack until I tried buying stuff on the site through a DApp. Once I saw my platform looked funny and unusual, I quickly closed it until I realized there was an attack. I think that should be anyone's reflexes at a discovery like that, and not try to force oneself to use the services if one thought it has been compromised.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: killerfrost on March 18, 2021, 04:45:43 AM
I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.
It doesn't stop to amuse me why people would do that — fill in their password or pass phrase on something that exposes them, but refuse to hand over their car keys to total strangers. You're wondering the connection in my analogy with your comment? Both scenarios are the same. They smack of stupidity for folks who do them.

The way the PCS team reacted immediately on the DNS attack further reinforced my confidence in the team, honestly. They were up and doing and constantly updating users on their social media handles on the situation. At first, I didn't know there was an attack until I tried buying stuff on the site through a DApp. Once I saw my platform looked funny and unusual, I quickly closed it until I realized there was an attack. I think that should be anyone's reflexes at a discovery like that, and not try to force oneself to use the services if one thought it has been compromised.
Some stupid users still believe and still use it despite warnings from the PancakeSwap media channel. I also don't know what to say and just smile, don't understand what they think when providing seeds, find out that they are trying to sell the coins they just received when joining IDO, and their greed makes them lose their own information.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: shoreno on March 18, 2021, 05:11:33 AM
Be careful of this attack. An attack like this happened in 2017/2018 to etherdelta and a lot of people's ethereum wallet secret keys got stolen. Rule number one: "never give your secret key or passphrase to any website in the world". This attack is only on the pancake DNS.
Thanks for the concern, but it did already happen, and for sure there are still people that got scammed because they just agree and follow all that they see even though attacks like this are not new.

It was still phishing. The same happened to etherdelta; however, the method of login was a bit different because this one here uses seed phrases while on etherdelta I think that was a private key. We need to use safer logins and we should check if we are on the true site to avoid getting hacked/phished.


Title: Re: Attack on PancakeSwap and Cream domains to steal seed phrase from users
Post by: SquallLeonhart on March 18, 2021, 08:05:30 AM
Do not be worried, if you do not share your seed with anyone and just keep it a secret, also your private key as well, that means nobody could steal anything from you, there was an attempt but it would stay as attempt as long as people are careful what they are doing, it is not that simple to steal from someone as long as that person is not willing and trying hard not to get hacked.

There are people who are gullible enough or were just not careful and shared their info and those people need to change accounts, those people could be hacked into and hackers could empty their wallets as well, that is a sad thing and shame that it happened, but if you were careful nothing would happen. From this problem we should also face unrekt.net and you will see which places you gave the right to connect to your wallet, you will at least realize it and delete some rights if you want to.