A recent Domain Name Service (DNS) attack has caused a network failure on many DeFi platforms. Cream Finance, one of the affected protocols, has given a postattack summary. The platform blamed GoDaddy for the DNS breach.
DNS Hijack Brings Down Cream Finance and other DeFi Platforms
DeFi platforms on the Binance Smart Chain suffered a DNS attack on March 15 which resulted in a temporary shutdown of their websites. However, on Thursday, Cream Finance announced that there was no loss of fund. The platform also added that its smart contracts were working fine.
Cream Finance acknowledged the support it got from its partners and community members before gaining full access to its network. After the attack, the protocol employed its decentralized frontend in IPFS (InterPlanetary File System). It did this to prevent any future similar attacks and to ensure it would not have to depend on centralized services.
The protocol described that it had to confer with analytics firms like CoinGecko, imToken, CoinMarketCap to help it update its website link and raise cautionary messages. Afterwards, it organized a “war room” on Telegram to discuss ways to regain access to its DNS and at the same time ensure that funds remained safe. The platform revealed that it established two substitute websites to make sure users continue using CREAM Finance.
Cream Finance Blames GoDaddy for DNS Breach
After the platform was finally able to access its website, it launched a postattack investigation. It revealed that both the smart contracts and user funds were safe all through the attack. However, the protocol revealed that the breach on its DNS was through its GoDaddy account (the platform’s domain registrar).
When the investigation was completed, the protocol said its Google account was never breached. It also said that its GoDaddy account couldn’t have been hacked using a username or password. However, it added that there was something strange with its GoDaddy activity log, which recorded a suspicious password reset.
After further study, Cream Finance concluded that the breach was from GoDaddy. It also said it now has control of its DNS record to prevent further attacks. Other DeFi platforms that also registered their Domain name with GoDaddy experienced similar issues. PancakeSwap confirmed an attack on its DNS as well.