Two cryptocurrency projects simultaneously suffered from DNS attacks

1615909045 Two Cryptocurrency Projects Simultaneously Suffered From Dns Attacks Hacker.jpg

On March 15, 2021, the Cream Finance DeFi project and the PancakeSwap decentralized exchange came under DNS spoofing attacks. As a result, visitors ended up on fake sites, where scammers tried to find out their seed phrases and private keys in order to gain access to wallets and steal funds.

After discovering the attacks, both companies reported the problems on Twitter and urged users to temporarily refrain from visiting their sites, stressing that the sites themselves were not compromised. Also, the administration of Cream Finance and PancakeSwap asked users not to enter seed phrases and private keys on cybercriminals’ phishing sites in order to avoid problems.

According to information security specialists, the same attacker is clearly behind these attacks, since the DNS records for both sites were changed at an interval of one minute.

Two cryptocurrency projects simultaneously suffered from DNS attacks

How exactly the attackers managed to spoof DNS records for both sites is not yet clear, but as noted by MalwareHunterTeam, both companies managed their DNS records through the hosting company GoDaddy.

While the attackers could theoretically compromise the hosting accounts of both companies, it is also possible that a GoDaddy employee was attacked. The fact is that this will not be the first incident of this kind: in march and last November, GoDaddy employees were already targeted by phishers. Then the attackers infiltrated the system and changed the DNS for a number of resources related to cryptocurrency and hosting, including Escrow.com, Liquid.com, NiceHash.com, Bibox.com, Celsius.network, and Wirex.app.

Currently, representatives of Cream Finance and PancakeSwap report that they have almost regained control of the domains, and that it is safe for most users to visit the sites.

Leave a Reply

Your email address will not be published. Required fields are marked *