Attack on PancakeSwap and Cream domains to steal seed phrase from users

[Oshosondy]

There was a phishing attack on two domains which are PancakeSwap and Cream domains, the attack was a Domain Name System (DNS) attack, users will see a displace where they can fill in their seed phrase to connect there wallet, this is used to steal from users that fill in their seed phrase. The domain has been regained, but users should know not to fill in their seed phrase on any site, if filled, attackers will only use it to get into your wallet and send all the coins their to their own wallet.



Pancake Swap and Cream Finance confirms this on Twitter.





https://mobile.twitter.com/StaniKulechov/status/1371470070833164288
https://mobile.twitter.com/CreamdotFinance/status/1371448627663491088?s=20

[Bttzed03]

There is another ongoing phishing attack

Ongoing means the websites are still under the attackers control but that's not the case on PancakeSwap anymore.

My posts on related topics:

They have regained access to the DNS since yesterday but some areas weren't ready yet. You can monitor it at https://dnschecker.org/#NS/pancakeswap.finance

~ Pancake swap team were able to regain access but there's another platform (CreamFinance) who failed to do so and were forced to deploy another website.

EDIT: BOTH PLATFORMS HAVE REGAINED ACCESS OF THEIR DNS

Additional references:

We have regained access to the DNS.

Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.

Will send another update shortly.

Thanks for waiting.

We have regained control of DNS and everything is back to normal on http://cream.finance and https://app.cream.finance

These sites are now safe to use.

Thank you for your patience as we are continue to monitor this situation.

[Oshosondy]

I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.

[MishaSER]

Of course I heard the news about PancakeSwap, but I didn't know that Cream was also attacked. Ksati, I can’t go to both sites, my metamask says that it’s not safe. They should probably turn to metamask if they really control their sites.

[logfiles]

This kind of attacks are pretty common during the bull ran. In 2017, both Myether wallet  and Etherdelta decentralized exchange that we so popular back then suffered DNS hijacks that lead to loss of hundreds of USD worth of ERC20 tokens and Ether

- https://themerkle.com/etherdeltas-dns-hacked-website-replaced-with-hackers-duplicate-to-steal-funds/
- https://cryptocoin.news/videos/breaking-news-myetherwallet-was-hijacked-11475/

People have to be very alert all the time when using such platforms. You can never know when hackers attack.

[Baofeng]

Yeah, I remember the MyEther attack in 2017, and there was a lot that time.

And currently, I have seen a lot of fake pancakeswap phishing and fake sites, although it has been taken down already, it will not be the last and we might see the attack intensifies as pancakeswap is one of the hottest commodity right now.

[codpku]

Lucky me to open my twitter and see announcement before i open my pancakeswap so i hope my money still save
And i hope with this experience pancakeswap can improve more their security so people stay and not go from pancakeswap

[Kemarit]

it was a really sneaky dns attack i hope that no user of the two sites has fallen for it and provided their metamask seed we must always be very careful and always check carefully before accessing and in any case never with the seed, luckily the alarm / attack was contained, resolved

We will never known until someone claims that they have lost their hard earn money from this kind of sneaky attacks. As I have said previously, hackers are always one step ahead of the game for us. They have the tools and the capability to mount this big attack and for sure the do it because they know they can steal a lot of money here.

So for everyone, we always needs to be be careful giving out our seed and mnemonic phrases easily. Check everything first.

[bussybuddy]

I've heard about this unfortunate incident, it's really annoying that when I was holding some coins up there, every announcement was alerted as soon as this serious happening. I think things might calm down in the near future, and also some good opportunities for people to be able to buy CAKE at a low price, I also buy myself some CAKE, to be honest. Unwanted attempts to happen in this market sometimes it is not a bad thing but also offers some opportunities.

[MishaSER]

I've heard about this unfortunate incident, it's really annoying that when I was holding some coins up there, every announcement was alerted as soon as this serious happening. I think things might calm down in the near future, and also some good opportunities for people to be able to buy CAKE at a low price, I also buy myself some CAKE, to be honest. Unwanted attempts to happen in this market sometimes it is not a bad thing but also offers some opportunities.

To be honest, the price did not drop much, this is a standard chart without any anamalies, perhaps this news was not significant, thank God, now everything is available and metamask does not define it as phishing.

[dihari]

Reminder
People should getting learn everyday and fullfil they knowledge about DeFi these days. DeFi is not only a name. Decentralized Finance is works like its name, a financial platform where you can get benefits as users without the needs of third party.
It means if you're new to this, always remember when using a defi platform, they'll never ask for your keys! No matter if its hacked or not.
Your keys/seed is only for you and your wallet. Even metamask doesn't need your keys..

[dihari]

Y
es, you are right, but, when connecting to metamask, it requires a seed phrase or keystore file to be able to access your wallet.

Just re-read all the sentences above. A defi platform will never ask for any keys. The only way to connect your wallet with defi platforms like pancake, uni, 1inch is just click "connect" button.
If there's any defi platforms need your keys to connect with them, then it's not defi platform. No matter it is hacked or not, never use them!

[dhemasm]

Yeahh, it's was really make me scared to be honest. I was buying an ALICE Token before on binance and try to do some farms on the pancakeswap but can't open the Pancakeswap website especially if we want to wrap an LP or do some swap but it can solved by using VPN and i recommend you guys if still insist to farm or unstake to use 1.1.1. (From Cloudflare) if not just wait and check current status here if your provider already updated the DNS, Check here https://dnschecker.org/#NS/pancakeswap.finance

[aysg76]

The hackers are always monitoring to find the right time to hack into clients server and immediately they attack the servers with DoS,DDOS attack which pushes a phisshy address or domain matching to the actual one and allowing people to deposit funds over that particular address like DoS attack in 2017 which compromised the information and funds of many users to anonymous group of hackers.We need to have proper security check before withdraw and deposit of funds.Pancakeswap was under such attack but it is resolved now but people are trusting Uniswap as better option due ro security factors.

[Review Master]

This kind of attacks are pretty common during the bull ran. In 2017, both Myether wallet  and Etherdelta decentralized exchange that we so popular back then suffered DNS hijacks that lead to loss of hundreds of USD worth of ERC20 tokens and Ether

People have to be very alert all the time when using such platforms. You can never know when hackers attack.

TBH, every hackers/scammers become active and try everything to scam others whenever bull is going on. But in this time, this news of dns attacks on pancakeswap/cream was spread on every media like telegram groups/channels and social platforms which made everyone aware of this situation. Honestly, everyone is now well aware of this type of things whoever in this crypto industry from the previous bull run, except of those newbies who don't know about this type of thing. But it's true that we never know when hackers will attack as bull season is going on.

[leea-1334]

Just another reminder that it does not matter how secure the technology is (blockchain and cryptography) and it does not matter how secure the platform is (defi and non custodial),,, if you have bad users who do not know how to practice simply online safety, then you risk losing your funds anyway.

[makishart]

Reminder
People should getting learn everyday and fullfil they knowledge about DeFi these days. DeFi is not only a name. Decentralized Finance is works like its name, a financial platform where you can get benefits as users without the needs of third party.
It means if you're new to this, always remember when using a defi platform, they'll never ask for your keys! No matter if its hacked or not.
Your keys/seed is only for you and your wallet. Even metamask doesn't need your keys..

Y
es, you are right, but, when connecting to metamask, it requires a seed phrase or keystore file to be able to access your wallet

That's noly when you are importing your wallet to the metamask but when you are accessing defi and it will need you to give permission for the app to use your metamask without tryna to asking about your priv key or seed phrase.
The hacker has been changing this to force the user give their seed phrase and we know that seed phrase can't be changed.
It's not the same as password.

[Coyster]

Just another reminder that it does not matter how secure the technology is (blockchain and cryptography) and it does not matter how secure the platform is (defi and non custodial),,, if you have bad users who do not know how to practice simply online safety, then you risk losing your funds anyway.

As a cryptocurrency user, your safety or protection is on you, and not even on the service used cause people's follies usually comes to haunt them and they lose their funds notwithstanding how protected the service used is, for example, users who use HW wallets and expose their seed phrases to scammers will nonetheless lose their funds, cause that's their folly and the fact that a HW wallet is the safest crypto wallet wouldn't come into play in such situations.

Cryptocurrency users should know what the security protocols inherent in the network are, it's not possible for the more experienced users to protect everyone in the network, with some good research, even newcomers will be knowledgeable on the modus operandi of crypto scammers.

[ahoenk]

Becarefull of this attack, attack like this happen in 2017/2018 to etherdelta and a lot of people secret key ethereum wallet got stolen, rules number one " never hives your secret key or phaseprase to any website in the world, this attack is only to pancake DNS.

[Mpamaegbu]

I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.

It doesn't stop to amuse me why people would do that — fill in their password or pass phrase on something that exposes them, but refuse to hand over their car keys to total strangers. You're wondering the connection in my analogy with your comment? Both scenarios are the same. They smack of stupidity for folks who do them.

The way the PCS team reacted immediately on the DNS attack further reinforced my confidence in the team, honestly. They were up and doing and constantly updating users on their social media handles on the situation. At first, I didn't know there was an attack until I tried buying stuff on the site through a DApp. Once I saw my platform looked funny and unusual, I quickly closed it until I realized there was an attack. I think that should be anyone's reflexes at a discovery like that, and not try to force oneself to use the services if one thought it has been compromised.