Malicious DNS Exploit Targets PancakeSwap in a Phishing Scam

On March 15th, 2021 users logged into the Dex platform to meet an information-seeking exploit. This was a coordinated but failed attack, and many protocols were targeted, including Cream.Finance.

An Unsophisticated and Failed Attempt

According to an investigation by the PancakeSwap team. The hack attempt was largely an unsophisticated and failed attempt at hijacking users’ wallet seed phrases to gain access and steal funds. An investigation revealed that the hacker successfully tricked Godaddy, PancakeSwaps domain registrar, into giving them access to the account. Then they redirected the site URL to a copycat site which tried to trick users into inputting their wallet seed phrase. So far, according to checks and further investigation, the PancakeSwap smart contract wasn’t affected.

A screenshot of the phishing attempt

A Timeline of Events

Official Medium page post from PancakeSwap documented a timeline of events that occurred on the DNS attack day. All events listed are UTC +8:

March 15th


Cream.Finance announces on Twitter that their DNS has been hijacked.


PancakeSwap became inaccessible 


PancakeSwap team tweeted about the event 


The team tweeted a tweet about the confirmation of the event.


A confirmation of the hijack on PancakeSwap and a solution immediately worked. 


Purchase of a new backup domain by PancakeSwap and deployment of the website.


The team began the process of recovering the DNS.

By the next day, the team has gained access to the hijacked DNS server.

The exploit started with Cream.Finance, where attackers took over the DNS and asked users for their seed phrase. The problem isn’t complex as the attack was only on the front end and not on the smart contract’s back end. Further checks revealed that the codes are fine, and no compromise has been observed.

CZs Early Warning

One of the earliest warnings was put out by CEO Changpeng Zhao, CZ. It is believed to have saved a couple of users from the hack attempt. The CEO of Binance is known to be very active on Twitter and could be responsible for the attack’s minimal impact. The tweet reads;

A number of DeFi projects are under DNS hijack attack. Pancake, Cream, etc. Please be VERY VERY careful and not use them until they recover the situation. Please also help spread the awareness.

An investigation by the PanCakeSwap team and an analysis by many users found out that the severity of the impact was relatively minimal. There were very few complaints from the Dex users. 

In fact, in days, no one has come out with concrete proof that there was a loss of funds from their wallet due to the attack.

Binance Smart Chain – An Increasingly Safe Network

BSC network’s role in recovering and chasing rug pull funds has been incredible and commendable. In a tweet credited to the CEO, Binance has been responsible for helping with a few rugpulls recently but can’t disclose details;

By this proactive attempt to protect users, Binance has shown care for users’ funds and protection on the Network.

About PancakeSwap

PanCakeSwap is the top Automated Market Maker Dex on the BSC network. The protocol competes with leading Ethereum based Dexs such as Uniswap and SushiSwap. PCS has gained prominence due to its ease of use, fast, and cheap transactions made possible by the Binance Smart Chain network.

In Conclusion

“Rugpulls” or protocol exploits are still very much prevalent in the Defi sector due to smart contract risks. Users are advised to suspect all unusual activities, stay away, and report all incidents or risk their funds getting lost and hacked. 

Users are advised to use only direct and safe URLs. DO not enter your seed phrase no matter the action as not even PanCakeSwap or any AMM protocol will request such sensitive details. It’s a decentralized network and not a centralized one.

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *