Binance Smart Chain-based decentralized finance [DeFi] protocol, Cream Finance revealed that its DNS has been compromised by a third party. As part of this, several users on the platform have received malicious requests asking to enter the seed phrase.
Following which Cream Finance’s alerted its customer to not submit the seed phrase. Its tweet announcing the same read,
“Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on http://app.cream.finance. DO NOT enter your seed phrase. We will never ask you to submit any private key or seed phrases.”
The platform has not yet revealed if the compromise has been resolved and whether its DNS has been successfully secured.
Cream Finance is essentially a decentralized peer-to-peer DeFi platform that offers lending, borrowing, swap, payment, and tokenization services for digital assets. This is not the first time that it has undergone a breach of some reason.
Additionally, Pancake Swap, which happens to be a leading DeFi platform on Binance Smart Chain, has noted that there could be a chance it has been DNS hijacked as well. Shortly after this, Pancake Swap confirmed the news in its latest tweet, wherein it stated,
“This is now confirmed. DO NOT go to the Pancakeswap site until we confirm it is all clear. NEVER EVER input your seed phrase or private keys on a website. We are working on recovery now. Sorry for the trouble.”
It all started with an error message, following which the SSL cert read that the site is not secure. Several users have also noted that cybersecurity software installed on their devices has blocked the pages citing risk concerns.
Binance Smart Chain [BSC] had also tweeted that some of its projects have been hijacked. However, it did not reveal the total number of DeFi applications on its platform that was compromised in the latest breach.
A number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness. https://t.co/rG8Ad77nYF
— CZ 🔶 Binance (@cz_binance) March 15, 2021
This is not the first time, Cream Finance had suffered a breach. Exactly a month ago, the decentralized finance lending protocol was exploited off more than a $37 million flash loan attack. The malicious entity reportedly pulled out crypto loans from lending protocols and then and then invested them into CREAM’s lending platform, Iron Bank.
Binance Smart Chain Growth
Meanwhile, several notable projects have made their way to Binance Smart Chain [BSC]. This blockchain has emerged as a tough competitor to Ethereum and its alternatives amid the burgeoning DeFi space.
On the 21st of Feb this year, BSC reportedly became “the most significant blockchain”, according to DappRadar’s report. Its unique active wallets increased by 266% and generated $745 billion in transaction volume.
Hence, BSC’s growing popularity could have potentially attracted attackers to target its projects.
If you found this article interesting, here you can find more Blockchain and cryptocurrency news