Cream Finance Critical of GoDaddy in DeFi DNS Attack

Share Article
In Brief
  • Cream Finance explains DNS attack.

  • GoDaddy account was compromised.

  • Domain registrar did not notify of admin changes.

  • promo

    Join the BIGGEST ICO ever launched in Spain: Buy B2M now.

The Trust Project is an international consortium of news organizations building standards of transparency.

A Domain Name Service attack on March 15 brought a number of DeFi platforms to a standstill. One of the victims has detailed a postmortem of exactly what happened.



On March 15, several decentralized finance protocols on the Binance Smart Chain reported that they had suffered a DNS attack. This caused their websites to become inaccessible for some time.

On March 18, Cream Finance confirmed all funds were safe in a post mortem report. It also explained that there were no issues with smart contracts. It regained control over its DNS through the support of the community and partners.



Cream Blames GoDaddy

The DeFi protocol stated that its GoDaddy account (where the domain name is registered) was compromised. This resulted in the redirection of its domain name to a malicious phishing website. It managed to reclaim control over its domain name within a few hours.

The GoDaddy domain records were changed following the hack of Cream’s account. It began a migration process through the security firm Cloudflare. It reached out to industry analytics platforms like CoinMarketCap and CoinGecko to update the website link and issue a warning.

Once it regained control, the platform deployed a decentralized frontend in IPFS (InterPlanetary File System). This ensured that it would have full control and would not have to rely on a centralized company.

“And unlike GoDaddy, we have full control of ENS record, which will prevent attacks like this in the future.”

Cream revealed that it uses Google Single Sign On (SSO) to access the account. Because of this, no username or password is needed and the Google account was never compromised.

GoDaddy’s activity log noted a suspicious password reset request sent to the attacker’s email address. However, there was no record of the email address change. Additionally, errors occurred when trying to access the domain name registrar’s activity logs raising further questions.

Another DeFi protocol based on BSC, PancakeSwap, also reported a similar DNS attack. It too used GoDaddy for domain name registration. The same malicious actor managed to exploit the company in some way to access its domain name records.

Lessons Learned

It’s clear that DeFi has a long way to go. Platforms still rely heavily on highly centralized corporations such as GoDaddy, Google, and Amazon for much of its operation.

Until there is a truly decentralized web, protocols operating on the fledgling financial industry will always be at the whim of the world’s domineering tech giants.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Market signals, studies and analysis! Join our Telegram Today!


Bit2Me ICO JUST STARTED! Buy B2M token now.

Buy now!

Market signals, studies and analysis! Join our Telegram Today!