March 16, 2021: DNS Hacks Hit BSC 🥞🍦

Pancake and Cream Compromised by Phishing Attack

Beware the Ides of March! Crypto price pullback… party bus disasters… and now Cream and Pancake, two DeFi sites on Binance Smart Chain, getting compromised in a major DNS hack:

PancakeSwap 🥞 #BSC @PancakeSwap

There is a chance we have been DNS hijacked, the same as @CreamdotFinance. Until we are able to confirm this is not the case, do not use the site. We will confirm ASAP. In the meantime, better safe than sorry. Please retweet for visibility! https://t.co/keLsiPFcOh

Cream Finance 🍦 @CreamdotFinance

Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on https://t.co/Hr6S4Fqodo. DO NOT enter your seed phrase. We will never ask you to submit any private key or seed phrases.

2:36 PM ∙ Mar 15, 2021

---

Cream Finance 🍦 @CreamdotFinance

Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on app.cream.finance. DO NOT enter your seed phrase. We will never ask you to submit any private key or seed phrases.

app.cream.financeCream

1:10 PM ∙ Mar 15, 2021

---

The mechanics of the hack have not been fully revealed, but it looks to be a lot more old school than the sophisticated smart contract hacks of late. Somebody simply gained access to the sites’ DNS servers, quite likely by simply getting access to their GoDaddy accounts:

The hackers redirected to another server that prompted users to enter their wallet seed phrases. Content warning, the following image may be unsettling to some:

stani#boi 👻 =(⬤_⬤)= 👻 @StaniKulechov

Whats going on at @CreamdotFinance?

2:35 PM ∙ Mar 15, 2021

---

The Cream Team quickly registered a new domain to use in the interim.

az | Armor.Fi @AzeemFi

@CreamdotFinance team responded quickly to a compromised DNS by deploying to app.creamfinance.co and mirroring to cream-finance.eth.link via @IPFS and @ensdomains Great work @leokcheng @JeremyYangHD @stanley_exists @eason_cdf @dudesahn @nymmrx @johnnnykramer @tempofeng

Cream Finance 🍦 @CreamdotFinance

We will continue to keep the community updated. We want to acknowledge @armorfi and @AzeemFi for immediately jumping in to help with our recovery process! We also want to thank @CoinMarketCap and @coingecko for quickly updating their sites.

4:39 PM ∙ Mar 15, 2021

---

Some users snarked at the impression that Cream was simply surrendering and abandoning their old domain for dead.

nick.eth @nicksdjohnson

Someone compromised their DNS so... they're just giving up on it and walking away?!

Messari @MessariCrypto

Update: Cream Finance has alerted users that the https://t.co/z1afb4nbZm and https://t.co/0aInViXJhl domains are now considered compromised sites. The team has purchased and deployed to https://t.co/IVobc6HPdT. https://t.co/lprlGIe8uG https://t.co/D4MgQIC4ht

5:00 PM ∙ Mar 15, 2021

---

Fortunately the issue, however it occurred, was quickly resolved — or at least resolved as quickly as the TTL delay and caching issues worked themselves out.

The Web3 ecosystem shouldn’t have to suffer Web2 style hacks. DNS in particular has always been awful. It’s been 10 years, and we’re still bitter about DynDNS purchasing the free EveryDNS service and starting to charge for the privilege of DNS hosting.

Is there any hope on the horizon?

At the most basic level, you can make sure you never enter your seed phrase. A lot of hacks in cryptocurrency are overblown, provided you exercise basic caution and generally keep your funds in private storage.

Hasu @hasufl

If you follow Defi through the lens of a critic, you can get the impression that hacks/rug pulls happen all the time. I've been using Defi for >1year now, and never lost a gwei, not even had a close call. Same as with Bitcoin exchanges, most losses come down to poor judgement.

5:07 PM ∙ Mar 15, 2021

---

Ethereum does have its own versions of DNS, such as the Ethereum Name Service for .eth domains. Despite the promise, they’re not yet in widespread use.

balajis.com @balajis

The rise of ENS means capable pseudonyms. No longer simply u/madeupname. You get yourname.eth, capable of doing cryptographic attestations, handling inbound requests, and replacing usernames & domain names alike over the long run. ens.domains

11:03 AM ∙ Mar 5, 2021

---

If you really want to reach the next level of hacker stardom, try ditching the frontends entirely. Why should our digital world cater to the fleeting stylistic whims of non-coders? For example, everybody knows Curve has the world’s most gorgeous frontend. Yet it still faces daily criticism that it’s not beautiful enough for some beholder’s eye.

We therefore recommend managing your entire portfolio directly through Brownie’s incredible suite:

Marc '五 Billy' Zeller @lemiscate

Current Mood. "What's your favorite DeFi website?" - @etherscan

3:01 PM ∙ Mar 15, 2021

---

I'm just a doggie boi @fubuloubu

Many people I know only use @BrownieEth to interact with DeFi now

Marc '五 Billy' Zeller @lemiscate

Current Mood. "What's your favorite DeFi website?" - @etherscan https://t.co/neC7uKW3kf

4:48 PM ∙ Mar 15, 2021

---

---

For more info, check our live market data at https://curvemarketcap.com/ or our subscribe to our daily newsletter at https://curve.substack.com/. Nothing in our newsletter can be construed as financial advice. Author is a $CRV maximalist.