Balancer Front-End Attack Results in $238,000 Loss

Overview

Balancer, a popular DeFi protocol on Ethereum, suffered a front-end attack that tricked users into sending funds to the hacker's address.

Attack Details

On the morning of 20/09, Balancer's official X (Twitter) account issued a warning that the project's website front-end had been compromised. Users were advised not to interact with the site at that time.

“Risk alert: Balancer's domain has been hijacked, prompting users to approve a malicious contract that will drain your wallet. Protocol funds are safe, but the issue is limited to the hijacked front-end.”

It appears the hacker gained access to Balancer's front-end, altering it to redirect users' interactions to a malicious address.

Stolen Funds

According to on-chain detective ZachXBT, the hacker managed to steal approximately $238,000 worth of assets from Balancer users who accessed the UI during the attack.

“Stolen funds are being directed to this address: 0x645710Af050E26bB96e295bdfB75B4a878088d7E. ~$238k stolen so far.”

Token Price Reaction

Interestingly, the price of BAL, Balancer's native token, did not drop; it actually saw a slight increase following the front-end attack news.

Recent Attacks on Balancer

This is the second attack on Balancer in less than a month. In late August, shortly after discovering a critical vulnerability, an unidentified hacker managed to steal over $2 million in assets from the protocol.

Conclusion

The recent attack on Balancer highlights the ongoing security challenges faced by DeFi protocols. Despite the setbacks, the resilience of the BAL token price suggests a strong community and user base. Balancer must address these security vulnerabilities promptly to maintain trust and security within its ecosystem.