DeFi's Phishing Plague: PancakeSwap Warns of Persistent Scams

Generated by AI AgentCoin World
Tuesday, Oct 7, 2025 9:53 pm ET1min read
CAKE--
BNB--
Aime RobotAime Summary

- PancakeSwap warns users after its Chinese X account was hacked to spread phishing links targeting crypto wallets.

- Attackers used fake domains like "pancakeswap.cam" and DNS hijacks to steal credentials and drain assets via smart contracts.

- Platform emphasizes secure smart contracts and urges URL verification, token approval revocation, and wallet transfers for affected users.

- New security tools like MEV Guard and ZEUS syrup pools aim to combat DeFi risks, but phishing remains a $1B+ industry threat.

- Analysts stress the need for user education and proactive defenses against social engineering attacks exploiting brand trust.

PancakeSwap, a leading decentralized exchange (DEX) on the BNBBNB-- Chain, has confirmed that its Chinese-language X account was recently compromised, prompting a warning to users to avoid interacting with any links from the affected account. The breach, disclosed in a statement, underscores the platform's ongoing efforts to combat phishing attempts and fraudulent activities targeting its user base. The compromised account was used to disseminate malicious links, which, if clicked, could expose users to scams or unauthorized access to their cryptocurrency wallets.

The incident adds to a broader pattern of phishing attacks targeting PancakeSwapCAKE-- users, with fake websites and deceptive domain names being a recurring issue. Scammers have previously created counterfeit sites mimicking the official PancakeSwap interface, such as "pancakeswap.cam" or "pancakeswap.exchange," to trick users into connecting their wallets and approving malicious transactions. These attacks often result in the immediate draining of victims' digital assets through hidden smart contract executionstitle1[1]. In 2021, PancakeSwap had also faced a DNS hijack attack, where hackers redirected users to fraudulent sites to steal credentialstitle3[3].

PancakeSwap reiterated that its core smart contracts remain secure, with the recent breach limited to the compromised social media account. The platform advised users to verify URLs by typing "https://pancakeswap.finance" directly into their browsers or using bookmarks to avoid phishing sites. Users were also urged to revoke any suspicious token approvals and transfer funds to new wallets if they had interacted with the compromised account.

The platform's recent security measures include the launch of MEV Guard, a feature designed to protect users from Miner Extractable Value (MEV) attacks, and collaboration with Zeus Network to introduce a syrup pool for ZEUS tokens. Despite these initiatives, the compromised account highlights the persistent risks in the DeFi ecosystem, where phishing and social engineering remain significant threats.

PancakeSwap's advisory aligns with broader industry trends, as phishing scams accounted for over $1 billion in crypto losses in 2021 alonetitle2[2]. The platform emphasized the importance of user vigilance, noting that many attacks exploit trust in well-known brands and urgency-driven tactics to bypass security checks. Analysts suggest that decentralized platforms must continue to prioritize education and proactive security tools to mitigate such riskstitle1[1].

author avatar
Coin World

Quickly understand the history and background of various well-known coins

Latest Articles

Stay ahead of the market.

Get curated U.S. market news, insights and key dates delivered to your inbox.