Aping into DeFi? Check for This Scam
#
Decentralized yield farming projects are engineered to push investors to a fast decision. A one-stop shop set up as a website means anyone with the MetaMask or a similar portable wallet can, on impulse, send coins to a smart contract and start earning. Those projects remain popular despite a long string of hacks, exploits and exit scams.
Another type of scam was added to the list, after several projects suffered a DNS attack, where the site was hijacked by malicious hackers. Eventually, multiple investors lost their tokens, as the site required access to private keys.
The most visible hacks happened for Pancake Swap and CreamDotFinance, two relatively popular yield farming venues. The hijacked domains left the projects scrambling to move to a new safe location.
CreamDotFinance warns against using any of its old locations, and has purchased a newly protected domain.
Pancake Swap returned to most of its functionality, warning users to check the DNS status before attempting any operations with the chosen location.
Projects Take a Hit on Prices
One of the faults of DeFi projects is that any exploit severely hurts the market price of their native token. CREAM crashed from a recent peak above $340 to as low as $104.
The CAKE token wiped out about 25% of its value, and for now the project looks like it will survive the exploit. Both tokens are usable and the smart contracts remain uncompromised by other types of attack.
Right until the attacks, the tokens were viewed as potentially breaking out to higher valuations. The protocols keep adding new tokens, and Pancake Swap is a potential alternative to UniSwap, where fees for each trade may be prohibitive.
For CreamDotFinance, this is the second exploit in a month. In February, the projects suffered a smart contract exploit, which uses a single transaction to drain liquidity pools. Smart contract exploits are the more usual hack for DeFi projects, affecting liquidity pools almost daily.
The price of CREAM continues to slide, threatening to go below $100.
How to Avoid the Fraud
The silver lining is that the DNS attacks had to rely on user behavior to pull off their heist. The tell-tale sign is that the fake sites demand the user’s seed phrase.
In general, DeFi communicates with a user’s public key and they are not required to share their private key or seed phrase. MetaMask makes sure to transfer tokens without need to access that data.
In the past, private seed phishing has been performed through:
- Fake links to unlocking wallets;
- Phishing ICO sites stealing assets directly;
- Links sent through chat groups requiring the user to unlock a wallet with a seed phrase.
Projects usually take care to warn users that they will never ask for private keys or seed phrases. But 2021 saw many crypto newcomers, who are still not aware of those risks and phishing schemes.
More experienced users almost immediately noticed the rogue connection page, and suggested the frontend of CreamDotFinance has been hacked.
The best approach is to make sure the service is working and using the right address, as well as recognizing the way wallets communicate with DeFi smart contracts.
Users that lost funds also compromised the wallets used for the two DeFi projects. The best approach when a wallet is compromised is to never use it again to store assets.
Binance Smart Chain Projects Still Offer Lower Fees
Both PancakeSwap and CreamDotFinance escaped the high transfer fees on Ethereum and built their platforms on Binance Smart Chain. The network is a delegated staking blockchain, which does not incur gas fees, leading to faster and cheaper transactions.
PancakeSwap was also among the first six projects to receive a $100M acceleration fund from Binance. DeFi projects are resilient, and even after exploits or price crashes, those tokens often return and attract new buyers.
Other Projects May be Affected
Other projects may pose risk for faulty sites and unauthorized demand for private keys. The CEO and co-founder of the Binance exchange, Changpeng “CZ” Zhao, added his warning without mentioning specific tokens.
Binance Smart Chain hosts dozens of DeFi projects, with PancakeSwap the most widely used one. The top 10 distributed apps on Binance Smart Chain are all forms of DeFi automated trading venues, revealing the latest trend in crypto to point more resources to yield farming.
PancakeSwap alone has more than 42,000 users per day, up to five times higher compared to less popular projects. At this point, it is unknown how many users were affected by the DNS hijacking before the project launched its new safe location.
#Uphold makes buying crypto with popular currencies like USD, EUR and GBP very simple with its convenient options to swap between crypto, fiat, equities, and precious metals.
With over 50 coins and an obsession with security, Kraken is one of the safest places to buy and trade crypto.
Kraken has a good reputation for security and protection of your funds and operates across the USA (except NY), Canada, the EU and Japan
Based in Charleston, South Carolina. Serves over 184 countries and has done over $4 billion in transactions. Offers convenient options to swap between crypto, fiat, equities, and precious metals.
Part 2 covers intermediate trading strategies including Bollinger bands, the TRIX indicator and pattern trying
Crypto gets a lot of criticism sometimes but what sort of job are the current banks doing at looking after their customers. Who are the best and the worst banks to be with?
Solana is a cryptocurrency project with a radically different approach to how blockchains work. It focuses on an element which is very simple: time. It seems introducing a decentralised clock to a cryptocurrency blockchain makes it more efficient than anyone could have possibly imagined. Solana is a high-performance cryptocurrency blockchain which supports smart contracts and decentralised applications. It uses proof of stake consensus mechanism with a low barrier to entry along with timestamped transactions to maximise efficiency.
The first cryptocurrency. It has limitations for transactions but it is still the most popular being secure, trusted and independent from banks and governments.