Cream Finance, PancakeSwap Websites Compromised
Cream Finance has announced their website has been compromised. Hackers have taken control of the DNS and are now requesting user’s seed phrases.
Share this article
DeFi protocol Cream Finance is experiencing its second hack of 2021. This time, attackers have targeted the website’s DNS and are using it to request users’ private keys and seed phrases.
Cream Finance Compromised
According to the team, Cream’s smart contracts are fine, but hackers have taken control of the website. They’re now using this control to request users seed phrases and empty the account of those who fall in the trap.
Our DNS has been compromised by a third party; some users are seeing requests for seed phrase on https://t.co/Hr6S4Fqodo. DO NOT enter your seed phrase.
We will never ask you to submit any private key or seed phrases.
— Cream Finance 🍦 (@CreamdotFinance) March 15, 2021
Ever since launching in July 2020, Cream has been an important part of the DeFi ecosystem. Their cooperation with Yearn Finance on the Iron Bank project has been a much-discussed project in the space.
This is not the first hacking problem faced by Cream. No more than a month ago, the protocol was exploited through Alpha Finance, netting $37.5 million to the hackers.
It has now surfaced that Binance Smart Chain’s PancakeSwap has also suffered the same attack, as they have announced on their Twitter. Their website is also compromised and requesting seed phrases.
don't do this pic.twitter.com/9tjUn0sdoh
— icebergy ❄️ (@icebergy_) March 15, 2021
Disclaimer: The author held ETH and several other cryptocurrencies at the time of writing.