Two major decentralized finance protocols on Binance Smart Chain have been hijacked by a DNS spoofing attack.
Cream Finance said some of its users had been told to enter their seed phrase as a result of the hijacking — even though the project would never ask them to do this.
The project says that user funds are safe as long as no one interacts with the phishing attempt.
PancakeSwap Hit, Too
PancakeSwap, one of the biggest DEXs on BSC, later confirmed that it too had fallen victim to a similar incident. In strongly worded tweets, it warned users:”
“DO NOT go to the Pancakeswap site until we confirm it is all clear. NEVER EVER input your seed phrase or private keys on a website. We are working on recovery now. Sorry for the trouble.”
The nature of the attack means that Cream Finance and PancakeSwap’s internal systems haven’t been compromised. Instead, their domain names appear to have been redirected to sites that are designed to look like the real thing.
Nonetheless, the incident will hit confidence in both DeFi projects — and some users on Twitter have already criticized both protocols.
News of the DNS spoofing attack saw the respective tokens for both tumbles slide heavily during Monday trading.
CREAM fell by more than 10% at one point, and was trading at $102.22 at the time of writing.
Meanwhile, CAKE is down 6.2% over the past 24 hours — settling at $10.14.
Subscribe To Our Newsletter
You can check out all of the day’s top stories in the CoinMarketCap newsletter by signing up here.