CZ urges users to refrain from interacting with PancakeSwap and other BSC projects amid DNS hijack attack

The head of Binance, Changpeng Zhao, urged users to temporarily refrain from interacting with PancakeSwap and Cream Finance. These and other DeFi projects built on the Binance Smart Chain (BSC) have come under attack.

A number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness. https://t.co/rG8Ad77nYF

— CZ 🔶 Binance (@cz_binance) March 15, 2021

According to Zhao, attackers gained access to the DNS of a number of BSC-based project websites in order to inject malicious elements into their interfaces.

PancakeSwap representatives recommended that users do not visit the project’s website until an official notice about the remediation is issued.

«Never enter your seed phrase or private keys on a website. We are currently working on fixing the problem», — wrote representatives of the largest DEX ecosystem on BSC.

Update: PancakeSwap said it has regained control of the DNS. Some users may still experience login issues depending on their server location.

We have regained access to the DNS.

Some users might still be affected, depending on their DNS resolution as some propagation time may be needed.

Will send another update shortly.

Thanks for waiting.

— PancakeSwap 🥞 #BSC (@PancakeSwap) March 15, 2021

Update: the third-largest by TVL project Autofarm Netowork said that user funds are safe.

⚠️ All PCS LPs and assets in Autofarm vaults are SAFU. Give Hops & his team some time to sort out the issue

In the meantime, DO NOT key in your seed phrase/ private key in PancakeSwap. https://t.co/UdSa0hPwbP

— autofarm.network (@autofarmnetwork) March 15, 2021

Update: Cream Finance representatives said that the cream.finance and app.cream.finance sites have been compromised and urged users to temporarily cease interacting with them. According to them, the site app.creamfinance.co is safe.

To our community ~ https://t.co/Tz2zo7WsXd and https://t.co/Hr6S4Fqodo are now considered compromised sites — DO NOT USE either domain until further notice.

We have purchased and deployed to https://t.co/BqbK4lkSNm — this site is SAFE to use.

— Cream Finance 🍦 (@CreamdotFinance) March 15, 2021

Update: Cream Finance regained control over the domain.

🙌 We have regained control of DNS and everything is back to normal on https://t.co/Tz2zo7WsXd and https://t.co/JmBbwhWu4h

These sites are now safe to use.

Thank you for your patience as we are continue to monitor this situation. 🙇🏼‍♀️🙇‍♂️

— Cream Finance 🍦 (@CreamdotFinance) March 15, 2021

Update: Cream Finance regained control over the domain.

🙌 We have regained control of DNS and everything is back to normal on https://t.co/Tz2zo7WsXd and https://t.co/JmBbwhWu4h

These sites are now safe to use.

Thank you for your patience as we are continue to monitor this situation. 🙇🏼‍♀️🙇‍♂️

— Cream Finance 🍦 (@CreamdotFinance) March 15, 2021

As of writing, PancakeSwap’s TVL stands at $3.88 billion. The Cream Finance lending service has a TVL of $47.7 million.

In early March PancakeSwap surpassed Uniswap in TVL.

Earlier ForkLog reported that the BSC-based exchange DODO lost $3.8 million due to a vulnerability.

Subscribe to ForkLog News on Telegram: ForkLog FEED — the full news feed, ForkLog — the most important news and polls.