Balancer DeFi Protocol Faces Frontend Attack: $238K in Crypto Reportedly Stolen – Balancer, a popular decentralized finance (DeFi) protocol on the Ethereum blockchain, has recently suffered an attack targeting its frontend. The platform has sounded the alarm bells, urging its user base to steer clear of the website until further updates.
Timeline of the Attack
On September 19th, 11:49 pm UTC, Balancer promptly alerted its community about the malicious activity, emphasizing that interactions with the Balancer user interface should be immediately halted.
While Balancer is currently scrutinizing the details of the attack, the specifics remain largely under wraps. Although the company has yet to make an official statement regarding the impact on user funds, Balancer contributor Cosme Fulanito has provided some assurance, stating that the Balancer vault remains intact and “100% fine.”
However, this hasn’t stopped speculations and estimations about the potential loss. Notably, blockchain security entities like PeckShield, along with blockchain analyst ZachXBT, estimate the damage to be around $238,000 in stolen crypto.
How the Attack Unfolded
Users reported that while navigating the Balancer website, they encountered prompts to approve a dubious contract. This malicious contract, once approved, siphoned off funds from users’ wallets. One industry expert explained the user experience succinctly:
“If you open the website, it prompts you to switch to the chain where you hold the most funds. Subsequently, a fraudulent transaction is dispatched, and upon approval, your funds vanish. Stay away from the site!”
Currently, visitors to the Balancer website are greeted with a clear warning message, cautioning them about the ongoing security issue.
A Pattern of Vulnerability?
This isn’t the first time Balancer has been in the hot seat. The platform faced a similar predicament less than a month ago. On August 22nd, Balancer highlighted a critical vulnerability. This alert was followed by an exploit just a few days later, which resulted in a loss estimated at $2 million.
In an announcement on August 27th, the Balancer team acknowledged the exploit, stating: “Balancer is aware of an exploit related to the vulnerability below.” They further noted that while recent mitigation strategies had significantly curtailed the risks, the affected liquidity pools couldn’t be halted. The team advised: “To prevent further exploits, users must withdraw from affected LPs.”
The repeated attacks on Balancer underscore the inherent risks associated with the nascent DeFi space. As the sector continues to expand and evolve, protocols must prioritize robust security measures to safeguard user funds and maintain trust within the community. Users, on their part, must remain vigilant and exercise caution, especially when alerts and vulnerabilities are highlighted.