A few hours ago, a service called Cream Finance said its DNS was "compromised by a third party". The Twitter account of another exchange, PancakeSwap, then confirmed that it had also been attacked through the same mechanism.
This is now confirmed.— PancakeSwap 🥞 #BSC (@PancakeSwap) March 15, 2021
DO NOT go to the Pancakeswap site until we confirm it is all clear.
NEVER EVER input your seed phrase or private keys on a website.
We are working on recovery now.
Sorry for the trouble. https://t.co/JN7TXlo9od
A “DNS hijacking” occurs when an attacker redirects traffic to a malicious server that has the appearance and structure identical to that of the original; in this case, the “hijacked website” was wanting users to place their keys to steal funds that were present in those accounts.
Unlike a traditional exchange, where assets are traded through a central authority, a decentralized exchange uses smart contracts. There are no owners, only automated codes, maintained by decentralized teams, which allows the money flows directly between traders.
Crucially, PancakeSwap's smart contracts were not hacked. Only the front end of the site was affected by this attack.
Investing in DeFi protocols can be extremely risky, since they are subject to hacks - half of all crypto-related hacks in 2020 targeted DeFi, according to blockchain data company Chainalysis.
Unfortunately, there is no sign of a slowdown in the amount of decentralized exchange hacks in 2021. Last week, it was Dodo's turn that ended up having a loss of about $ 4 million. On the other hand, we must be optimistic and take into account that DeFi are still relatively new and in constant optimization, errors will be fixed and the technology will have its security reinforced.