1. DNS/乗取/pancakeswap

GoDaddy account を盗まれた。

https://ninahaus.com/2021/03/20/what-is-dns-and-how-its-attacked/

https://twitter.com/_ninahaus_/status/1373059835252645889?s=20 PancakeSwap DNSハイジャックについてMedium記事と当日の情報を混ぜたのを書きました。

攻撃者はPancakeSwapのドメイン登録業者であるGoDaddyを何らかの方法で欺いて
我々のアカウントへのアクセスに成功しました

https://twitter.com/PancakeSwap/status/1372818200245592067?s=20

Simply put, while we’re still investigating, our current understanding is that the attacker managed to trick our domain registrar, GoDaddy, into giving them access to our account. They then redirected our site’s URL to a copycat site which tried to trick users into inputting their wallet’s seed phrase.

PancakeSwap’s contracts were not affected: the attack was limited only to the website front-end, which is just one way to interact with the contracts.


How did this happen?

We’re still in the process of investigating, but the attack on PancakeSwap aligns very closely with the C.R.E.A.M attack: It is likely the attacker socially engineered their way into our GoDaddy account through GoDaddy customer service. It’s clear that this lack of security is not unusual for GoDaddy (see: GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services).

Were any users affected?

Fortunately, we haven’t received any confirmed reports of user loss as a result of the attack so far. If you have evidence that you input your seed phrase to the fake site, and that the attacker has stolen your funds, we would recommend that you report this directly to law enforcement and follow up with Binance and other BSC-compatible exchanges to blacklist the receiving addresses.

We’d like to offer a huge thank you to all of those that reached out to help us, and for the community’s patience and support during the incident. We apologize for the inconvenience caused, and appreciate your understanding: once again we’ve been overwhelmed by the support of the community during a difficult time.

1.1. 対策

What steps are we taking forward to prevent this from happening again?

MoinQ: DNS/乗取/pancakeswap (last edited 2022-05-17 09:16:57 by ToshinoriMaeno)