Balancer Website Compromised in DNS Attack, $238,000 Stolen

The Balancer team has stated that a social engineering attack on its domain registrar, EuroDNS, was responsible for the compromise of its website’s frontend on September 19. This incident resulted in an estimated $238,000 in cryptocurrency being stolen.

Balancer DAO addressed the DNS attack and secured the domain, bringing it back under its control on September 20. The project confirmed that its subdomains, such as “app.balancer.fi,” are safe to use again.

Blockchain security firms SlowMist and CertiK reported that the attacker used Angel Drainer phishing contracts. The exploiters attacked the Balancer website through Border Gateway Protocol (BGP) hijacking, taking control of IP addresses by manipulating internet routing tables. Users were induced to approve and transfer funds to the Balancer exploiter via the “transferFrom” function.

Balancer Addressing Security Breach After $238,000 in Cryptocurrency Stolen

SlowMist suggested that the hacker may have ties to Russia and noted that the stolen Ether (ETH) was bridged to Bitcoin (BTC) addresses via THORChain before being returned to Ethereum. Additionally, about 15 wrapped-Ether (wETH.e) was transferred on the Avalanche blockchain.

Despite Balancer confirming the safety of its subdomains, users attempting to access the Balancer website continued to see a “Deceptive site ahead” warning as of September 20.

The exact amount of funds lost in the attack has not been confirmed by Balancer at the time of writing.