On the night of September 20, the team of the DeFi programmable liquidity protocol Balancer reported a hack frontend and urged to refrain from further use of the platform interface.
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!
— Balancer (@Balancer) September 19, 2023
According to on-chain data studied by ZachXBT analyst, the amount of damage amounted to about $238,000.
Stolen funds are being directed to this address
~$238k stolen so far pic.twitter.com/rwMybBaLoA
— ZachXBT (@zachxbt) September 20, 2023
Balancer developers are still investigating the incident and it is officially unknown whether the hack affected user funds. Project representative in the Discord channel Cosme Fulanito confirmedthat the storage is “100% fine.”
Balancer is a community-driven protocol on the Ethereum network launched in 2020. It functions as an automated portfolio manager, liquidity provider and price tracker.
The platform supports seven EVM-compatible networks. According to DeFi Llama, the total value of funds locked in the second version of Balancer is $608 million.
The protocol also has a BAL governance token. According to CoinGecko, at the time of writing the asset is trading at $3.27, down 2.5% over the past 24 hours.
Following the frontend hack, some users reported that when interacting with the website, they were prompted to approve a malicious contract that steals funds from wallets.
Massive Balancer HACK 🚨@Balancer was hacked
If you open the website it asks you to change the chain, where you hold the most amount of money
After that scam transaction is sent, after confirmation money are gone
Don’t open the website!!!
Maximum repost pic.twitter.com/d0jYDTeatf
— Hanzo ㊗️ (@DeFi_Hanzo) September 19, 2023
“If you open the website, it will ask you to change the chain in which you have the largest amount of assets. Once the fraudulent transaction is confirmed, the money will disappear. Don’t open the site,” one community member warned.
When trying to access Balancer through a browser, a phishing warning popped up for some time.
On-chain data indicates that the attacker transferred some of the funds to the Avalanche blockchain in the form of “wrapped” ETH and made a test transaction through the Tornado Cash mixer.
Over the past month, Balancer has already experienced its second attack. On August 22, the project team reported an error related to liquidity pools. At risk were assets deployed on Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom and zkEVM. Experts estimated the damage from the hack at $900,000.
Following a recent incident, HashKey platform co-founder Ben El-Baz wonderedHow you can protect yourself from attacks on Web 2.0 application interfaces when using digital assets.
Lead developer and founder of Dappling Network under the nickname 0xBookland advised ordinary users to use special security extensions like Joinfire. To the protocols, he suggested improving the website update monitoring system and improving the threat alert system.
For users, there are some extensions like @_joinfire
For protocols, the best solution is probably setting up monitoring that:
* Looks at where the frontend is pointing to
* What contracts the frontend is interacting with
and if those don’t ever match what is expecting, sent…
— russell (bookland) (@0xBookland) September 20, 2023
“Onchain DNS is no longer just an option, it’s a necessity. This was 100% DNS hijacking,” assumed representatives of the domain provider Decentraweb.
A previously unknown person attacked the Cypher decentralized exchange based on Solana and withdrew about $1 million in cryptocurrencies.
Let us recall that in August, the Zunami Protocol profitability aggregator was subject to an exploit, as a result of which it lost $2.1 million in digital assets.
That same month, a hacker hacked the $12 million DeFi project Exactly Protocol by exploiting a vulnerability in its smart contract.
Found an error in the text? Select it and press CTRL+ENTER
ForkLog newsletters: keep your finger on the pulse of the Bitcoin industry!