Babbitt Original丨Multiple DeFi projects have encountered DNS hijacking, please be sure to protect your private keys and mnemonics!

This week, multiple DeFi project websites on Binance Smart Chain (BSC) suffered DNS hijacking attacks, including the lending platform Cream Finance and BSC's top DEX PancakeSwap.

DNS hijacking attacks the domain name resolution server (DNS) or forges the domain name resolution server (DNS) to resolve the target website domain name to the wrong IP address, thereby preventing users from accessing the target website or intentionally or maliciously requiring users to access a specified IP address (website). In this attack, when many users connect to wallets (such as MetaMask) on the hijacked website, a page pops up asking users to submit their personal private keys or mnemonics. Once users submit information, they will face the loss of property theft.

On the evening of March 15, DeFi lending platform Cream Finance reminded users on Twitter: "DNS has been compromised by a third party, and some users will see requests for mnemonics. Do not enter your mnemonics. We will never ask you to submit any private keys or mnemonics." Soon after, PancakeSwap also issued an urgent notice, confirming that it had suffered a DNS attack and warning users.

According to Cream's official news, cream.finance and app.cream.finance were both hijacked, and the project team quickly deployed app.creamfinamce.co for temporary use by users. After 5 hours of emergency processing, at 2 a.m., Cream Finance finally regained DNS and restored the normal use of the two links. On the other hand, PancakeSwap quickly regained control of DNS after confirming that it had been attacked.

While working to restore DNS, the two project teams have been constantly emphasizing that users should not submit their personal private keys or mnemonics. They have also issued tweets specifically to warn users, and the comments under the tweets are also varied.

One netizen asked: "I entered my mnemonic phrase, what should I do?" The enthusiastic netizen seemed to be more anxious than him: "Hurry up and interact with the contract, unlock the coins, and transfer all the coins to the new wallet! Quick! Time is limited!" In fact, this is also the problem that crypto assets have always faced: while holding absolute ownership of assets, users must also be fully responsible for their assets. If the bank account password is stolen, the bank may bear part of the responsibility, and the police may help you recover it; but if the private key is stolen and the assets are transferred away, they are really gone. Although more and more people are entering the crypto market and starting to use DeFi protocols, there are still many people who do not understand the true meaning of private keys or mnemonics. It is important to remember that any normal DeFi protocol that interacts with it through a wallet will not require users to provide private keys or mnemonics! Users also need to be careful not to share their private keys and mnemonic information with others!

However, "phishing" through DNS hijacking is not a difficult scam to identify, and many veteran investors could not help but make fun of it under the tweet. Netizen Graugest left a message saying, "No! I submitted my mnemonic phrase!" But when we click on the screenshot he posted, we can see that the mnemonic phrase he submitted is actually a joke to the attacker: "Nice scam, brother. But you will never get a penny from me, hahahaha."

Many projects that are trying to take advantage of the popularity also came to the comment section. A project called Tacoswap promoted its project everywhere: "We are Tacoswap, the new DEX. Our token is only priced at $0.04 now, and we will soon rise to more than $1. Welcome everyone to join our community." This kind of publicity is a bit low-level. After the incident, data websites such as CoinMarketCap and CoinGecko have released news to remind investors. DeFi projects such as Armor.Fi joined in to help Cream restore DNS as soon as possible, and big Vs such as Zhao Changpeng also quickly spread the news. It is indeed inappropriate to take advantage of the popularity at this time.

What is even more shameful is the fraudulent project. The scammers also posted a fraudulent website, and after logging in, they said, "Elon Musk and Tesla will distribute 5,000 BTC to everyone." It is the same old routine on Twitter, claiming that users will receive 1 BTC if they transfer 0.1 BTC.

This storm once again tells us: protect our private keys and mnemonics!