Balancer confirms social engineering attack caused front end issues

The decentralized finance protocol Balancer suffered an exploit attack for nearly $900,000 in just a few days after a critical vulnerability was discovered.

The Balancer team said a DNS attack was the source of an issue on its interface that was discovered on Sep. 20. Per reports, hackers stole $238,000 and users were advised to avoid interacting with the project’s website.

The matter was previously under investigation, as reported following an alert from Balancer.

According to a later update, the protocol’s domains have now been secured by the Balance DAO, a decentralized autonomous organization that manages the Ethereum-based automated market maker.

The team traced the attack to a compromised domain registrar and warned other projects to take necessary measures.

After investigation, it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs. We are exploring deprecating the .fi TLD in order to move to a more secure registrar and suggest that other projects using the TLD do the same.

Balancer on X

Attackers infiltrated Balancer’s website with a malicious prompt that sought access to users’ non-custodial wallets. Some users fell prey and hackers stole $238,000 worth of crypto, according to on-chain investigator ZachXBT. 

The DNS attack brought Balancer’s total losses to $1.1 million in 30 days. Indeed, the decentralized platform previously lost $900,000 due to a critical bug exploited by hackers.

Balancer counts among several crypto service providers mobbed by exploits and cyber attacks. Centralized crypto exchanges CoinEx and Remitano both suffered hacks, losing millions of dollars in crypto.

Hackers also exploited decentralized finance (defi) protocols Arcadia Finance and Euler Finance.

Digital asset participants and U.S. authorities believe that state-funded North Korean hacker group Lazarus was responsible for a flurry of exploits on platforms like crypto casino Stake, payments processor CoinsPaid, and wallet provider Atomic Wallet among others.

These incidents perhaps underscore security concerns from both crypto skeptics and proponents alike as the nascent industry seeks to establish itself as a legitimate industry capable of safeguarding users’ assets.

Source link

About The Author

Scroll to Top