DeFi Protocol Balancer Suffers Front End Attack, $238K Stolen So Far

DeFi Protocol Balancer Suffers Front End Attack, $238K Stolen So Far
Table of Contents

Ethereum-based automated market maker (AMM) and decentralized finance (DeFi) protocol Balancer has recently suffered a front-end attack on its website, and blockchain sleuths are saying that more than $200K were stolen.

In the early hours of Wednesday, September 20, the official X account of Balancer announced that the protocol website was under attack and asked users to interact with the user interface (UI) of the Balancer app until further notice.

The announcement reads:

“The balancer front-end is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!”

$238K Have Been Stolen So Far from The DeFi

As of writing, the Balancer team has not provided any update on whether users’ funds are safe. According to the Balancer Discord channel, the protocol’s smart contracts are safe as only the front end is compromised. They are suggesting a Domain Name Service (DNS) attack, which involves redirecting the IP address of a website to another URL address.

Another DeFi platform, Exponential DeFi, confirmed this, saying that the Balancer domain name was hijacked and was prompting users to approve a malicious contract that would drain users’ wallets. Experimental DeFi wrote:

“@Balancer’s domain has been hijacked and its prompting users to approve a malicious contract that will drain your wallet. As far as we can tell, protocol funds are safu, and the issue is limited to the hijacked front-end.”

Balancer contributor Cosme Fulanito has reportedly confirmed that Balancer’s vault remains 100% fine. That’s why the protocol team urged users not to interact with the Balancer DeFi app, as only the users who use the app are at risk.

$238K Have Been Stolen So Far from The DeFi

According to blockchain sleuth ZachXBT, the attacker(s) was able to siphon off $238,000, which was redirected to an unknown Ethereum address.

This is the second attack on the Balancer DeFi protocol in less than a month. As reported previously in Crypto Economy, on August 24, 2023, the Balancer team asked users to withdraw funds after discovering a vulnerability in some of its V2 liquidity pools (LPs). The swift action by the Balancer team managed to secure more than 80% of the compromised funds.

However, some $5.6 million worth of funds were still in those affected LPs. On August 27, Balancer suffered several flash loan attacks that reportedly were related to the vulnerability found earlier. The attacker(s) was able to bag $2.1 million from these attacks. There has been no more update as the time of writing.

Follow Us

Ads