The team behind Balancer, an Ethereum-based automated market maker, recently experienced a security breach that resulted in the theft of approximately $238,000 worth of cryptocurrency. The attack occurred on September 19, when the website’s front end was compromised. The Balancer team believes the breach was the result of a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs.
Following the discovery of the attack, Balancer’s decentralized autonomous organization (DAO) took immediate action to address the issue and recover the Balancer UI. After approximately eight hours, the team successfully secured the domain and regained control over Balancer DAO. The subdomains “app.balancer.fi” and “balancer.fi” were declared safe for use again.
Due to the nature of the attack, Balancer suggested that other projects using the same top-level domain should consider moving to a more secure registrar. EuroDNS, a Luxembourg-based domain name registrar and DNS service provider, has not yet commented on the incident.
Blockchain security firms SlowMist and CertiK investigated the attack and discovered that the attackers employed Angel Drainer phishing contracts. SlowMist stated that the attackers used Border Gateway Protocol hijacking to gain control of IP addresses by corrupting internet routing tables. They then tricked users into approving and transferring funds to the Balancer exploiter through the “transferFrom” function.
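A wallet-side check for the approval pattern described above, as an added example that is not code from Balancer, SlowMist or CertiK: it decodes ERC-20 calldata and reports when `approve`, `increaseAllowance` or `transferFrom` would benefit an address outside an allowlist. The allowlist, the sample addresses and the sample calldata are constructed assumptions.

```python
# Added example: flag ERC-20 calldata that hands spending rights to an unknown address.
SELECTORS = {  # 4-byte function selector -> (function, argument names)
    "095ea7b3": ("approve", ("spender", "amount")),
    "39509351": ("increaseAllowance", ("spender", "amount")),
    "23b872dd": ("transferFrom", ("from", "to", "amount")),
}
UNLIMITED = 2**256 - 1  # max uint256, the usual "infinite approval" value

def decode_call(calldata_hex):
    """Return (function, args) for a known selector, or None for anything else."""
    data = bytes.fromhex(calldata_hex.lower().removeprefix("0x"))
    entry = SELECTORS.get(data[:4].hex())
    if entry is None:
        return None
    name, arg_names = entry
    body = data[4:]
    if len(body) < 32 * len(arg_names):
        raise ValueError("calldata too short for " + name)
    args = {}
    for i, arg in enumerate(arg_names):
        word = body[32 * i:32 * i + 32]  # each static argument is one 32-byte word
        if arg == "amount":
            args[arg] = int.from_bytes(word, "big")
        elif any(word[:12]):
            raise ValueError("address argument has non-zero padding")
        else:
            args[arg] = "0x" + word[12:].hex()  # address is the low 20 bytes
    return name, args

def review_call(calldata_hex, trusted):
    """List the reasons a wallet should stop and ask before signing."""
    decoded = decode_call(calldata_hex)
    if decoded is None:
        return []
    name, args = decoded
    trusted = {a.lower() for a in trusted}
    beneficiary = args["to"] if name == "transferFrom" else args["spender"]
    reasons = []
    if beneficiary not in trusted:
        reasons.append(name + " benefits unknown address " + beneficiary)
    if name != "transferFrom" and args["amount"] == UNLIMITED:
        reasons.append("unlimited allowance")
    return reasons

# Constructed sample data (not from the incident): one trusted and one unknown address.
TRUSTED = "0x" + "11" * 20
UNKNOWN = "0x" + "ee" * 20
def abi_word(v):  # left-pad an address or integer to one 32-byte ABI word
    return (v[2:] if isinstance(v, str) else format(v, "x")).rjust(64, "0")
APPROVE_UNKNOWN = "0x095ea7b3" + abi_word(UNKNOWN) + abi_word(UNLIMITED)
APPROVE_TRUSTED = "0x095ea7b3" + abi_word(TRUSTED) + abi_word(10**18)
```

The check only covers what the user is asked to sign; it does not tell the user whether the site serving the request is the genuine front end.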
The hacker, potentially linked to Russia, has reportedly bridged some of the stolen Ether (ETH) to Bitcoin (BTC) addresses via THORChain before moving the funds back to Ethereum. SlowMist revealed that the hacker had already transferred about 15 wrapped-Ether (wETH.e) on the Avalanche blockchain.
Despite Balancer confirming the safety of its subdomains, attempting to access the website may result in a “Deceptive site ahead” warning. Cointelegraph reached out to Balancer for confirmation regarding the amount of funds lost but did not receive an immediate response.
Security breaches like this highlight the importance of robust security measures in decentralized finance (DeFi) protocols. As the adoption of DeFi continues to grow, hackers are increasingly targeting these platforms. It is crucial for DeFi projects to employ stringent security protocols and collaborate with expert security firms to detect and prevent attacks.
In this case, Balancer plans to explore deprecating the .fi top-level domain in favor of a more secure registrar. This decision aligns with the project’s commitment to safeguarding user funds and preventing future security breaches. By being proactive in addressing security vulnerabilities and regularly evaluating their infrastructure, DeFi projects can enhance the protection of their users’ assets.
It is important for the entire DeFi ecosystem to stay vigilant and learn from incidents like this. As the industry evolves, so do the methods used by hackers. By sharing knowledge and best practices, the community can collectively work towards creating a more secure environment for decentralized finance.
In conclusion, the recent security breach faced by Balancer serves as a reminder of the ongoing challenges in the DeFi space. The attack, which resulted in the theft of significant funds, was attributed to a social engineering attack on the domain registrar. Balancer has taken immediate steps to address the issue and regain control over its platform. The incident emphasizes the importance of robust security measures in the DeFi ecosystem and highlights the need for continued vigilance and collaboration within the industry.