Balancer Protocol Confirms Social Engineering Attack Behind Front-end Exploit

Balancer, a DeFi protocol, faces setback due to social engineering attack on its front-end. Hackers stole $238k, prompting caution for users.

Sep 21, 2023 - 14:35
Oct 18, 2023 - 16:09

Balancer, a DeFi protocol, recently experienced a significant setback, confirming that a social engineering attack was behind its front-end issues. 

On September 20, the Balancer team identified an issue with its interface, tracing it back to a DNS attack. This exploit led to hackers stealing a staggering $238,000. As a precaution, users were promptly advised to refrain from interacting with Balancer's website.

After the discovery, Balancer initiated a thorough investigation. The findings traced the attack to a compromise at the domain registrar: the attackers specifically targeted EuroDNS, which handles .fi TLDs. Balancer's team is now considering moving away from the .fi TLD to improve security.

"After investigation, it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs. We are exploring deprecating the .fi TLD in order to move to a more secure registrar and suggest that other projects using the TLD do the same."

Attackers cunningly integrated a malicious prompt into Balancer's website, which sought access to users' non-custodial wallets. Unfortunately, several users granted this access, leading to the theft of crypto assets worth $238,000. This DNS attack, combined with previous vulnerabilities, has resulted in Balancer incurring losses amounting to $1.1 million within a mere 30 days.

Balancer is not alone in facing security breaches. Other crypto service providers, including centralized exchanges like CoinEx and Remitano, have also been victims of hacks, leading to the loss of millions in crypto assets. DeFi protocols such as Arcadia Finance and Euler Finance have similarly been exploited.

Many blockchain investigators such as ZachXBT, along with U.S. authorities, suspect the North Korean hacker group Lazarus to be behind a series of exploits. This group is believed to have targeted various platforms, including crypto casino Stake, CoinsPaid, and Atomic Wallet.

Following the attack, Balancer has taken proactive steps to secure its domains, with the Balancer DAO (a decentralized autonomous organization) overseeing the Ethereum-based automated market maker.

Philip Bohmer