UPDATE: Cream Finance announced on Twitter that it has regained control of its DNS. “These sites are now safe to use. Thank you for your patience as we are [sic] continue to monitor this situation,” the project team said.
DeFi platforms PancakeSwap and Cream Finance warned users on Monday that they were hit by domain name system (DNS) hijackings.
The strong warnings were issued on social media in a bid to keep users from falling victim to dual schemes to collect private keys or seed phrases from would-be victims. Such information obtained by this kind of phishing scheme would then allow a hacker to then steal funds from affected users.
Your funds are only at risk if you enter your private key or seed phrase into the hijacked site.
Regaining access is only a matter of time, our main priority is keeping inexperienced users safe.
DO NOT go to the site for now.
NEVER enter your private key or seed phrase.
— PancakeSwap 🥞 #BSC (@PancakeSwap) March 15, 2021
As of press time, PancakeSwap has said that it has regained access to its DNS. Cream Finance appeared to be in the process of seeking DNS access, pointing users toward an alternative address in the meantime.
📍Please use our app at https://t.co/BqbK4lkSNm
Thank you for your patience and sorry for the inconvenience.
We will update soon. Please retweet for more exposure.
— Cream Finance 🍦 (@CreamdotFinance) March 15, 2021
A DNS hijacking allows an attacker to present a fraudulent web portal to visiting users, often aimed at collecting personal information — in this case, the private keys needed to steal their funds. The U.S. government and private security firms have issued warnings in recent years about such attacks, as noted in a 2019 report by Krebs On Security.
This is a developing story and will be updated as new information becomes available.