
Aping into DeFi? Check for This Scam



Decentralized yield farming projects are engineered to push investors to a fast decision. A one-stop shop set up as a website means anyone with MetaMask or a similar portable wallet can, on impulse, send coins to a smart contract and start earning. Those projects remain popular despite a long string of hacks, exploits and exit scams.

Another type of scam was added to the list after several projects suffered a DNS attack, in which their sites were hijacked by malicious hackers. Multiple investors eventually lost their tokens, as the sites required access to private keys.

The most visible hacks hit PancakeSwap and CreamDotFinance, two relatively popular yield farming venues. The hijacked domains left the projects scrambling to move to a new safe location.

CreamDotFinance warns against using any of its old locations, and has purchased a newly protected domain. 

PancakeSwap restored most of its functionality and warned users to check the DNS status before attempting any operations with the chosen location.

Projects Take a Hit on Prices

One of the faults of DeFi projects is that any exploit severely hurts the market price of their native token. CREAM crashed from a recent peak above $340 to as low as $104. 

The CAKE token lost about 25% of its value, and for now the project looks like it will survive the exploit. Both tokens are usable and the smart contracts remain uncompromised by other types of attack.

Right up until the attacks, the tokens were viewed as potentially breaking out to higher valuations. The protocols keep adding new tokens, and PancakeSwap is a potential alternative to Uniswap, where fees for each trade may be prohibitive.

For CreamDotFinance, this is the second exploit in a month. In February, the project suffered a smart contract exploit, which used a single transaction to drain liquidity pools. Smart contract exploits are the more usual hack for DeFi projects, affecting liquidity pools almost daily.

The price of CREAM continues to slide, threatening to go below $100.

How to Avoid the Fraud

The silver lining is that the DNS attacks had to rely on user behavior to pull off their heist. The tell-tale sign is that the fake sites demand the user’s seed phrase. 

In general, DeFi applications communicate with a user’s public key, and users are not required to share their private key or seed phrase. MetaMask makes sure to transfer tokens without the need to access that data.

In the past, private seed phishing has been performed through: 

  • Fake links for unlocking wallets;
  • Phishing ICO sites stealing assets directly;
  • Links sent through chat groups requiring the user to unlock a wallet with a seed phrase.

Projects usually take care to warn users that they will never ask for private keys or seed phrases. But 2021 saw many crypto newcomers, who are still not aware of those risks and phishing schemes.

More experienced users almost immediately noticed the rogue connection page, and suggested the frontend of CreamDotFinance had been hacked.

The best approach is to make sure the service is working and using the right address, and to recognize the way wallets communicate with DeFi smart contracts.

Users who lost funds also compromised the wallets used for the two DeFi projects. The best approach when a wallet is compromised is to never use it again to store assets.
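
The tell-tale sign described above, a page that asks for the seed phrase, can be checked mechanically. The following is an added example, not code from PancakeSwap, CreamDotFinance or MetaMask; the phrase patterns, the function names and the three sample pages are assumptions constructed for illustration. It separates a page that only mentions seed phrases, such as a project's own warning, from one that provides a field to type one into.

```javascript
// Added example: flag pages that ask for a wallet secret.
// The phrase patterns and the sample pages are constructed for illustration.
const SECRET_PATTERNS = [
  /\b(seed|recovery|secret|mnemonic)\s+(phrase|words?)\b/i,
  /\bmnemonic\b/i,
  /\bprivate\s+key\b/i,
  /\b(12|24)[\s-]*words?\b/i,
];

const mentionsSecret = (s) => SECRET_PATTERNS.some((re) => re.test(s));

// Normalise identifiers such as seed_phrase, seed-phrase and seedPhrase.
function normalise(s) {
  return s.replace(/[_-]/g, " ").replace(/([a-z])([A-Z])/g, "$1 $2");
}

// Text a user would read: scripts, styles and tags removed.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1>/gi, " ")
    .replace(/<[^>]+>/g, " ")
    .replace(/\s+/g, " ");
}

// "demands-secret": an input or textarea is labelled as taking the secret.
// "mentions-secret": only the text names it (may be a legitimate warning).
// "clean": no reference to seed phrases or private keys.
function classifyPage(html) {
  const fields = html.match(/<(input|textarea)\b[^>]*>/gi) || [];
  const askingFields = fields.filter((tag) => mentionsSecret(normalise(tag)));
  if (askingFields.length > 0) return { verdict: "demands-secret", fields: askingFields };
  if (mentionsSecret(visibleText(html))) return { verdict: "mentions-secret", fields: [] };
  return { verdict: "clean", fields: [] };
}

// Constructed sample pages.
const FAKE_CONNECT_PAGE = `<h2>Connect wallet</h2><form>
  <label>Enter your 12-word recovery phrase to unlock</label>
  <textarea name="seed_phrase"></textarea><input type="submit"></form>`;
const WARNING_PAGE = `<button id="connect">Connect Wallet</button>
  <p>We will never ask for your seed phrase or private key.</p>`;
const SWAP_PAGE = `<button>Connect Wallet</button><input type="text" name="amount">`;

console.log(classifyPage(FAKE_CONNECT_PAGE).verdict);
console.log(classifyPage(WARNING_PAGE).verdict);
console.log(classifyPage(SWAP_PAGE).verdict);
```

The check is a heuristic over static HTML: a field with a neutral name, or a prompt rendered by script or as an image, will not be caught, so it supplements checking the site address rather than replacing it.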

Binance Smart Chain Projects Still Offer Lower Fees

Both PancakeSwap and CreamDotFinance escaped the high transfer fees on Ethereum and built their platforms on Binance Smart Chain. The network is a delegated staking blockchain, which does not incur gas fees, leading to faster and cheaper transactions. 

PancakeSwap was also among the first six projects to receive a $100M acceleration fund from Binance. DeFi projects are resilient, and even after exploits or price crashes, those tokens often return and attract new buyers.

Other Projects May be Affected

Other projects may also be at risk of faulty sites and unauthorized demands for private keys. The CEO and co-founder of the Binance exchange, Changpeng “CZ” Zhao, added his warning without mentioning specific tokens.

Binance Smart Chain hosts dozens of DeFi projects, with PancakeSwap the most widely used one. The top 10 distributed apps on Binance Smart Chain are all forms of DeFi automated trading venues, revealing the latest trend in crypto to point more resources to yield farming. 

PancakeSwap alone has more than 42,000 users per day, up to five times more than less popular projects. At this point, it is unknown how many users were affected by the DNS hijacking before the project launched its new safe location.
