A DNS attack can take several forms. However, the affected platforms have reported facing a DNS hijacking on the Binance Smart Chain. In this instance, their domain names have been hijacked, resulting in the internet traffic being diverted to an unknown destination.
First, Cream Finance tweeted that a third party had compromised its DNS. It explained that some of its users were seeing requests for their seed phrases. Seed phrases are commonly used to recover wallets.
It is often warned that seed phrases should never share them with third-parties, who would then have access to the user’s wallet. “We will never ask you to submit any private key or seed phrases,” the tweet from Cream emphasized.
PancakeSwap Suspected, Confirmed
Shortly after that, PancakeSwap reported that they might have been hijacked as well, similar to Cream. They recommended not using their site until it was confirmed. Within a few minutes, PancakeSwap confirmed that their DNS had been hijacked as well. They also emphasized to “NEVER EVER input your seed phrase or private keys on a website.”
Binance Takes Notice
As PancakeSwap is the largest DeFi platform on Binance’s Smart Chain (BSC), it was only a matter of time before they were alerted to the attack. Binance CEO Changpeng Zhao then took to Twitter to announce that the attack was taking place.
In reply to CZ’s tweet, a Twitter user shared an image of trying to access the PancakeSwap domain. The picture shows a warning that the connection was not private and that attackers might steal the user’s information via the PancakeSwap domain.
Unfortunately, this isn’t the first instance of cyberattacks against projects on the Binance Smart Chain. Last month, Cream acknowledged that a hacker had been able to steal $37.5 million before they were able to cut him off. Recently, Binance Smart Chain has become a serious competitor to Ethereum due to its high gas fees. However, ongoing security issues may compromise that ambition.