Decentralized crypto exchange PancakeSwap has been attacked by hackers, per a tweet.
Earlier today, a similar service called Cream Finance said its DNS (domain name service) had been "compromised by a third party." PancakeSwap’s Twitter account then confirmed that it had been attacked through the same mechanism.
A “DNS hijack” is when an attacker reroutes traffic toward a malicious server; in this case, the “hijacked site” was after credentials for for users’ accounts.
This is now confirmed.
DO NOT go to the Pancakeswap site until we confirm it is all clear.
NEVER EVER input your seed phrase or private keys on a website.
We are working on recovery now.
Sorry for the trouble. https://t.co/JN7TXlo9od
— PancakeSwap
#BSC (@PancakeSwap) March 15, 2021
Unlike a traditional exchange, where assets are traded through a central authority (like Coinbase, or the NYSE), a decentralized exchange uses smart contracts (essentially just code) that allow money to flow directly between traders. Decentralized exchanges tend to fall under the rubric of DeFi protocols, which are broadly defined as non-custodial systems for handling crypto.
Crucially, PancakeSwap’s smart contracts have not been hacked. Only the front-end of the website has been affected by this attack.
A number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness. https://t.co/rG8Ad77nYF
— CZ
Binance (@cz_binance) March 15, 2021
Investing in DeFi protocols can be extremely risky, since they are prone to hacks—half of all crypto-related hacks in 2020 targeted DeFi, according to the blockchain data company Chainalysis.
There's no sign of that slowing down in 2021: last week, a decentralized exchange called Dodo was hacked for nearly $4 million.
Your funds are only at risk if you enter your private key or seed phrase into the hijacked site.
Regaining access is only a matter of time, our main priority is keeping inexperienced users safe.
DO NOT go to the site for now.
NEVER enter your private key or seed phrase.
— PancakeSwap
Guide & Tools