Balancer DeFi Protocol Exploited Again: $238k Drained
Balancer, a DeFi protocol, suffers security breach, losing $238,000. Prompt response and investigation conducted.
Balancer, a DeFi protocol, recently experienced another security breach, leading to a loss of $238,000. On September 20, Balancer promptly alerted its user base about a potential attack on its frontend. The platform's immediate response was to advise users not to interact with its user interface until a thorough investigation was conducted.
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice! — Balancer (@Balancer) September 19, 2023
Blockchain security firm PeckShield, along with crypto analyst ZachXBT, confirmed that approximately $238,000 worth of crypto assets had been siphoned off in the attack. The attacker reportedly swapped 15.4 ETH for around 2,730 AVAX and subsequently transferred them to the Mexc exchange.
Stolen funds are being directed to this address
0x645710Af050E26bB96e295bdfB75B4a878088d7E
~$238k stolen so far pic.twitter.com/rwMybBaLoA — ZachXBT (@zachxbt) September 20, 2023
Users attempting to access the Balancer website with MetaMask installed encountered a warning message:
"MetaMask flagged the site you're trying to visit as potentially deceptive. Attackers may trick you into doing something dangerous."
Screenshot from compromised Balancer website.
Web3 analyst "cyclop" pointed out that the Balancer website had been injected with a malicious program named "Drainer." This program was generating approval transactions, enabling a malevolent contract to transfer all funds from user wallets.
This isn't the first time Balancer has been targeted. Less than a month prior, on August 22, Balancer Labs reported a critical vulnerability affecting several V2 Pools. The protocol also cautioned users about a potential exploit earlier in January.
Balancer BAL Price Chart
Following the recent attack, BAL token prices experienced volatility, spiking to $3.45 before settling at $3.27. Despite the security concerns, the protocol's total value locked remained steady at $710 million.
