They also took other precautions like reaching out to information service providers that would link to their websites, like Coingecko, to add a warning note.
There is a chance we have been DNS hijacked, the same as @CreamdotFinance.
— PancakeSwap 🥞 #BSC (@PancakeSwap) March 15, 2021
Until we are able to confirm this is not the case, do not use the site.
We will confirm ASAP.
In the meantime, better safe than sorry.
Please retweet for visibility! https://t.co/keLsiPFcOh
What happened?
In this DNS attack, the hakerman hijacked the DNS and diverted the internet traffic to a different website. The attacker was able to gain access to their GoDaddy account and reroute both sites’ URLs to copycat sites. The copycat sites asked for users to input their wallet’s seed phrase. If done by a user, this would give the attackers to the user’s wallet.
You should never put your wallet’s seed phrase on any website.
Fortunately for both DEFI projects, they were able to regain their DNS, and all their websites went back to normal. This attack seemed to have affected only a small amount of people who fell for the phishing attack. The attack did not involve any smart contracts and only affected the front end of the website.
Since this attack, Pancakeswap has announced they will migrate from GoDaddy to MarkMonitor to ensure this skem doesn’t happen ever again.
The whole moral of this story is NEVER put your wallet’s seed phrase in any kind of website, especially if its DEFI related.