Author

Topic: Attack on PancakeSwap and Cream domains to steal seed phrase from users (Read 215 times)

legendary
Activity: 2464
Merit: 1102
Do not be worried, if you do not share your seed with anyone and just keep it a secret, also your private key as well, that means nobody could steal anything from you, there was an attempt but it would stay as attempt as long as people are careful what they are doing, it is not that simple to steal from someone as long as that person is not willing and trying hard not to get hacked.

There are people who are gullible enough or were just not careful and shared their info and those people need to change accounts, those people could be hacked into and hackers could empty their wallets as well, that is a sad thing and shame that it happened, but if you were careful nothing would happen. From this problem we should also face unrekt.net and you will see which places you gave the right to connect to your wallet, you will at least realize it and delete some rights if you want to.
full member
Activity: 1750
Merit: 118
Becarefull of this attack, attack like this happen in 2017/2018 to etherdelta and a lot of people secret key ethereum wallet got stolen, rules number one " never hives your secret key or phaseprase to any website in the world, this attack is only to pancake DNS.
thanks for the conern but it did already happened and for sure there are still people that got scammed because they just agree and follow all that they saw even though attack like this are not new  .

it was still phishing same happened to etherdelta however the method of login was a bit different because this one here uses seed /phrases while on etherdelta i think that was private key. we need to use safer logins  and we should check if we are in the true site to avoid getting hacked/phished .
sr. member
Activity: 1988
Merit: 254
PredX - AI-Powered Prediction Market
I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.
It doesn't stop to amuse me why people would do that — fill in their password or pass phrase on something that exposes them, but refuse to hand over their car keys to total strangers. You're wondering the connection in my analogy with your comment? Both scenarios are the same. They smack of stupidity for folks who do them.

The way the PCS team reacted immediately on the DNS attack further reinforced my confidence in the team, honestly. They were up and doing and constantly updating users on their social media handles on the situation. At first, I didn't know there was an attack until I tried buying stuff on the site through a DApp. Once I saw my platform looked funny and unusual, I quickly closed it until I realized there was an attack. I think that should be anyone's reflexes at a discovery like that, and not try to force oneself to use the services if one thought it has been compromised.
Some stupid users still believe and still use it despite warnings from the PancakeSwap media channel. I also don't know what to say and just smile, don't understand what they think when providing seeds, find out that they are trying to sell the coins they just received when joining IDO, and their greed makes them lose their own information.
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.
It doesn't stop to amuse me why people would do that — fill in their password or pass phrase on something that exposes them, but refuse to hand over their car keys to total strangers. You're wondering the connection in my analogy with your comment? Both scenarios are the same. They smack of stupidity for folks who do them.

The way the PCS team reacted immediately on the DNS attack further reinforced my confidence in the team, honestly. They were up and doing and constantly updating users on their social media handles on the situation. At first, I didn't know there was an attack until I tried buying stuff on the site through a DApp. Once I saw my platform looked funny and unusual, I quickly closed it until I realized there was an attack. I think that should be anyone's reflexes at a discovery like that, and not try to force oneself to use the services if one thought it has been compromised.
hero member
Activity: 1246
Merit: 502
Becarefull of this attack, attack like this happen in 2017/2018 to etherdelta and a lot of people secret key ethereum wallet got stolen, rules number one " never hives your secret key or phaseprase to any website in the world, this attack is only to pancake DNS.
legendary
Activity: 2184
Merit: 1302
Just another reminder that it does not matter how secure the technology is (blockchain and cryptography) and it does not matter how secure the platform is (defi and non custodial),,, if you have bad users who do not know how to practice simply online safety, then you risk losing your funds anyway.
As a cryptocurrency user, your safety or protection is on you, and not even on the service used cause people's follies usually comes to haunt them and they lose their funds notwithstanding how protected the service used is, for example, users who use HW wallets and expose their seed phrases to scammers will nonetheless lose their funds, cause that's their folly and the fact that a HW wallet is the safest crypto wallet wouldn't come into play in such situations.

Cryptocurrency users should know what the security protocols inherent in the network are, it's not possible for the more experienced users to protect everyone in the network, with some good research, even newcomers will be knowledgeable on the modus operandi of crypto scammers.
legendary
Activity: 3108
Merit: 1029
Reminder
People should getting learn everyday and fullfil they knowledge about DeFi these days. DeFi is not only a name. Decentralized Finance is works like its name, a financial platform where you can get benefits as users without the needs of third party.
It means if you're new to this, always remember when using a defi platform, they'll never ask for your keys! No matter if its hacked or not.
Your keys/seed is only for you and your wallet. Even metamask doesn't need your keys..
Y
es, you are right, but, when connecting to metamask, it requires a seed phrase or keystore file to be able to access your wallet
That's noly when you are importing your wallet to the metamask but when you are accessing defi and it will need you to give permission for the app to use your metamask without tryna to asking about your priv key or seed phrase.
The hacker has been changing this to force the user give their seed phrase and we know that seed phrase can't be changed.
It's not the same as password.
hero member
Activity: 2338
Merit: 953
Temporary forum vacation
Just another reminder that it does not matter how secure the technology is (blockchain and cryptography) and it does not matter how secure the platform is (defi and non custodial),,, if you have bad users who do not know how to practice simply online safety, then you risk losing your funds anyway.
sr. member
Activity: 1456
Merit: 280
BitByte Crypto: https://link3.to/bitbytecrypto
This kind of attacks are pretty common during the bull ran. In 2017, both Myether wallet  and Etherdelta decentralized exchange that we so popular back then suffered DNS hijacks that lead to loss of hundreds of USD worth of ERC20 tokens and Ether

People have to be very alert all the time when using such platforms. You can never know when hackers attack.
TBH, every hackers/scammers become active and try everything to scam others whenever bull is going on. But in this time, this news of dns attacks on pancakeswap/cream was spread on every media like telegram groups/channels and social platforms which made everyone aware of this situation. Honestly, everyone is now well aware of this type of things whoever in this crypto industry from the previous bull run, except of those newbies who don't know about this type of thing. But it's true that we never know when hackers will attack as bull season is going on.
legendary
Activity: 1974
Merit: 2124
The hackers are always monitoring to find the right time to hack into clients server and immediately they attack the servers with DoS,DDOS attack which pushes a phisshy address or domain matching to the actual one and allowing people to deposit funds over that particular address like DoS attack in 2017 which compromised the information and funds of many users to anonymous group of hackers.We need to have proper security check before withdraw and deposit of funds.Pancakeswap was under such attack but it is resolved now but people are trusting Uniswap as better option due ro security factors.
full member
Activity: 1829
Merit: 134
Moderator
Yeahh, it's was really make me scared to be honest. I was buying an ALICE Token before on binance and try to do some farms on the pancakeswap but can't open the Pancakeswap website especially if we want to wrap an LP or do some swap but it can solved by using VPN and i recommend you guys if still insist to farm or unstake to use 1.1.1. (From Cloudflare) if not just wait and check current status here if your provider already updated the DNS, Check here https://dnschecker.org/#NS/pancakeswap.finance
hero member
Activity: 910
Merit: 525
Y
es, you are right, but, when connecting to metamask, it requires a seed phrase or keystore file to be able to access your wallet.
Just re-read all the sentences above. A defi platform will never ask for any keys. The only way to connect your wallet with defi platforms like pancake, uni, 1inch is just click "connect" button.
If there's any defi platforms need your keys to connect with them, then it's not defi platform. No matter it is hacked or not, never use them!
hero member
Activity: 910
Merit: 525
Reminder
People should getting learn everyday and fullfil they knowledge about DeFi these days. DeFi is not only a name. Decentralized Finance is works like its name, a financial platform where you can get benefits as users without the needs of third party.
It means if you're new to this, always remember when using a defi platform, they'll never ask for your keys! No matter if its hacked or not.
Your keys/seed is only for you and your wallet. Even metamask doesn't need your keys..
full member
Activity: 1050
Merit: 103
BIB Exchange
I've heard about this unfortunate incident, it's really annoying that when I was holding some coins up there, every announcement was alerted as soon as this serious happening. I think things might calm down in the near future, and also some good opportunities for people to be able to buy CAKE at a low price, I also buy myself some CAKE, to be honest. Unwanted attempts to happen in this market sometimes it is not a bad thing but also offers some opportunities.
To be honest, the price did not drop much, this is a standard chart without any anamalies, perhaps this news was not significant, thank God, now everything is available and metamask does not define it as phishing.
full member
Activity: 1190
Merit: 105
PredX - AI-Powered Prediction Market
I've heard about this unfortunate incident, it's really annoying that when I was holding some coins up there, every announcement was alerted as soon as this serious happening. I think things might calm down in the near future, and also some good opportunities for people to be able to buy CAKE at a low price, I also buy myself some CAKE, to be honest. Unwanted attempts to happen in this market sometimes it is not a bad thing but also offers some opportunities.
legendary
Activity: 3080
Merit: 1353
it was a really sneaky dns attack i hope that no user of the two sites has fallen for it and provided their metamask seed we must always be very careful and always check carefully before accessing and in any case never with the seed, luckily the alarm / attack was contained, resolved

We will never known until someone claims that they have lost their hard earn money from this kind of sneaky attacks. As I have said previously, hackers are always one step ahead of the game for us. They have the tools and the capability to mount this big attack and for sure the do it because they know they can steal a lot of money here.

So for everyone, we always needs to be be careful giving out our seed and mnemonic phrases easily. Check everything first.
member
Activity: 336
Merit: 10
Lucky me to open my twitter and see announcement before i open my pancakeswap so i hope my money still save
And i hope with this experience pancakeswap can improve more their security so people stay and not go from pancakeswap
legendary
Activity: 2576
Merit: 1655
Yeah, I remember the MyEther attack in 2017, and there was a lot that time.

And currently, I have seen a lot of fake pancakeswap phishing and fake sites, although it has been taken down already, it will not be the last and we might see the attack intensifies as pancakeswap is one of the hottest commodity right now.
copper member
Activity: 2170
Merit: 1822
Top Crypto Casino
This kind of attacks are pretty common during the bull ran. In 2017, both Myether wallet  and Etherdelta decentralized exchange that we so popular back then suffered DNS hijacks that lead to loss of hundreds of USD worth of ERC20 tokens and Ether

- https://themerkle.com/etherdeltas-dns-hacked-website-replaced-with-hackers-duplicate-to-steal-funds/
- https://cryptocoin.news/videos/breaking-news-myetherwallet-was-hijacked-11475/

People have to be very alert all the time when using such platforms. You can never know when hackers attack.
full member
Activity: 1050
Merit: 103
BIB Exchange
Of course I heard the news about PancakeSwap, but I didn't know that Cream was also attacked. Ksati, I can’t go to both sites, my metamask says that it’s not safe. They should probably turn to metamask if they really control their sites.
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
I will edit that to just let people know not to fill in their seed phrase on any platform as it is very risky.
legendary
Activity: 2114
Merit: 1150
https://bitcoincleanup.com/
There is another ongoing phishing attack
Ongoing means the websites are still under the attackers control but that's not the case on PancakeSwap anymore.

My posts on related topics:
They have regained access to the DNS since yesterday but some areas weren't ready yet. You can monitor it at https://dnschecker.org/#NS/pancakeswap.finance

~ Pancake swap team were able to regain access but there's another platform (CreamFinance) who failed to do so and were forced to deploy another website.

EDIT: BOTH PLATFORMS HAVE REGAINED ACCESS OF THEIR DNS

Additional references:
We have regained access to the DNS.

Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.

Will send another update shortly.

Thanks for waiting.


We have regained control of DNS and everything is back to normal on http://cream.finance and https://app.cream.finance

These sites are now safe to use.

Thank you for your patience as we are continue to monitor this situation.
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
There was a phishing attack on two domains which are PancakeSwap and Cream domains, the attack was a Domain Name System (DNS) attack, users will see a displace where they can fill in their seed phrase to connect there wallet, this is used to steal from users that fill in their seed phrase. The domain has been regained, but users should know not to fill in their seed phrase on any site, if filled, attackers will only use it to get into your wallet and send all the coins their to their own wallet.



Pancake Swap and Cream Finance confirms this on Twitter.





https://mobile.twitter.com/StaniKulechov/status/1371470070833164288
https://mobile.twitter.com/CreamdotFinance/status/1371448627663491088?s=20
Jump to: