Balancer lost $238,000 in a front-end attack

by

hack_a-min
hack_a-min

On the night of September 20, the team of the DeFi programmable liquidity protocol Balancer reported a hack frontend and urged to refrain from further use of the platform interface.

According to on-chain data studied by ZachXBT analyst, the amount of damage amounted to about $238,000.

Balancer developers are still investigating the incident and it is officially unknown whether the hack affected user funds. Project representative in the Discord channel Cosme Fulanito confirmedthat the storage is “100% fine.”

Balancer is a community-driven protocol on the Ethereum network launched in 2020. It functions as an automated portfolio manager, liquidity provider and price tracker.

The platform supports seven EVM-compatible networks. According to DeFi Llama, the total value of funds locked in the second version of Balancer is $608 million.

The protocol also has a BAL governance token. According to CoinGecko, at the time of writing the asset is trading at $3.27, down 2.5% over the past 24 hours.

Following the frontend hack, some users reported that when interacting with the website, they were prompted to approve a malicious contract that steals funds from wallets.

“If you open the website, it will ask you to change the chain in which you have the largest amount of assets. Once the fraudulent transaction is confirmed, the money will disappear. Don’t open the site,” one community member warned.

When trying to access Balancer through a browser, a phishing warning popped up for some time.

420bfa84-3eba-4051-8a78-8fdf358d3da5
Data: balancer.fi.

On-chain data indicates that the attacker transferred some of the funds to the Avalanche blockchain in the form of “wrapped” ETH and made a test transaction through the Tornado Cash mixer.

Over the past month, Balancer has already experienced its second attack. On August 22, the project team reported an error related to liquidity pools. At risk were assets deployed on Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom and zkEVM. Experts estimated the damage from the hack at $900,000.

Following a recent incident, HashKey platform co-founder Ben El-Baz wonderedHow you can protect yourself from attacks on Web 2.0 application interfaces when using digital assets.

Lead developer and founder of Dappling Network under the nickname 0xBookland advised ordinary users to use special security extensions like Joinfire. To the protocols, he suggested improving the website update monitoring system and improving the threat alert system.

“Onchain DNS is no longer just an option, it’s a necessity. This was 100% DNS hijacking,” assumed representatives of the domain provider Decentraweb.

A previously unknown person attacked the Cypher decentralized exchange based on Solana and withdrew about $1 million in cryptocurrencies.

Let us recall that in August, the Zunami Protocol profitability aggregator was subject to an exploit, as a result of which it lost $2.1 million in digital assets.

That same month, a hacker hacked the $12 million DeFi project Exactly Protocol by exploiting a vulnerability in its smart contract.

Found an error in the text? Select it and press CTRL+ENTER

ForkLog newsletters: keep your finger on the pulse of the Bitcoin industry!

Leave a Reply