Ethereum-based automated market maker (AMM) and decentralized finance (DeFi) protocol Balancer has recently suffered a front-end attack on its website, and blockchain sleuths are saying that more than $200K were stolen.
In the early hours of Wednesday, September 20, the official X account of Balancer announced that the protocol website was under attack and asked users to interact with the user interface (UI) of the Balancer app until further notice.
The announcement reads:
“The balancer front-end is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!”
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!
— Balancer (@Balancer) September 19, 2023
$238K Have Been Stolen So Far from The DeFi
As of writing, the Balancer team has not provided any update on whether users’ funds are safe. According to the Balancer Discord channel, the protocol’s smart contracts are safe as only the front end is compromised. They are suggesting a Domain Name Service (DNS) attack, which involves redirecting the IP address of a website to another URL address.
Another DeFi platform, Exponential DeFi, confirmed this, saying that the Balancer domain name was hijacked and was prompting users to approve a malicious contract that would drain users’ wallets. Experimental DeFi wrote:
“@Balancer’s domain has been hijacked and its prompting users to approve a malicious contract that will drain your wallet. As far as we can tell, protocol funds are safu, and the issue is limited to the hijacked front-end.”
🚨 Risk alert @Balancer 's domain (https://t.co/Ikuh2PEJrv) has been hijacked and its prompting users to approve a malicious contract that will drain your wallet.
As far as we can tell, protocol funds are safu and the issue is limited to the hijacked front-end. pic.twitter.com/KrBUutj5H0
— Exponential DeFi (@ExponentialDeFi) September 19, 2023
Balancer contributor Cosme Fulanito has reportedly confirmed that Balancer’s vault remains 100% fine. That’s why the protocol team urged users not to interact with the Balancer DeFi app, as only the users who use the app are at risk.
According to blockchain sleuth ZachXBT, the attacker(s) was able to siphon off $238,000, which was redirected to an unknown Ethereum address.
Stolen funds are being directed to this address
0x645710Af050E26bB96e295bdfB75B4a878088d7E
~$238k stolen so far pic.twitter.com/rwMybBaLoA
— ZachXBT (@zachxbt) September 20, 2023
This is the second attack on the Balancer DeFi protocol in less than a month. As reported previously in Wealth Growth Insights, on August 24, 2023, the Balancer team asked users to withdraw funds after discovering a vulnerability in some of its V2 liquidity pools (LPs). The swift action by the Balancer team managed to secure more than 80% of the compromised funds.
However, some $5.6 million worth of funds were still in those affected LPs. On August 27, Balancer suffered several flash loan attacks that reportedly were related to the vulnerability found earlier. The attacker(s) was able to bag $2.1 million from these attacks. There has been no more update as the time of writing.
Update:
🚨The @Balancer exploiters have gained a total of ~$2.1METH:
0xB23711b9D92C0f1c7b211c4E2DC69791c2df38c1
0xed187f37e5ad87d5b3b2624c01de56c5862b7a9b
0x429313e53a220c4a5693cad1da26ae5045b5762fFTM:
0x64E08fa89C2bAE9F123cc8a293775f0E6CC86760OPT:… https://t.co/8N0BQyHJ0S pic.twitter.com/tXagAdVzkT
— Beosin Alert (@BeosinAlert) August 29, 2023