2 decentralized finance projects are reportedly being targeted by a DNS spoofing attack. According to reports from Mon morning time U.S. time, PancakeSwap and Cream Finance, two projects deployed on Binance Smart Chain, are phishing users into entering their private central on the website.

Cream Finance is inaccessible equally of the time of writing, but PancakeSwap still loads correctly and showcases the phishing attempt. Upon trying to connect MetaMask, the folio loads a false window requesting the user to input their private central. This also happens on browsers like Safari, where MetaMask is unavailable. There are almost no occasions when a user should input their seed phrase into a browser app, especially not when interacting with DeFi.

Screenshot from Pancake Swap, taken around iii PM UTC.

The Cream Finance and the Pancake Swap teams confirmed that the issue is a DNS spoofing attack. The Domain Name Service connects a domain proper name to an IP address on the web. It appears that the registration for the ii services was hijacked to signal to an assaulter-controlled server. According to ICANN records, the DNS registration was updated for both websites on Monday, shortly earlier the reports of malicious activeness.

The DNS entry was updated on Monday. Source: ICANN

Both websites announced to exist registered through GoDaddy. One possible explanation is that the teams' accounts on the provider were hijacked, allowing the assaulter to officially modify the DNS routing betoken for the domains.

Equally of seven PM UTC, the Cream Finance squad stated that the website is fully operational and secure. PancakeSwap also seems to take regained control of its website. The changes may not be immediately visible for users who visited the corrupted domain, requiring a browser cache cleanup.

The story was updated at 7 PM UTC with new information.