DeFi Platform Urges Caution as Frontend Attack Prompts Warnings
In a concerning turn of events, Balancer, the Ethereum-based decentralized finance (DeFi) protocol, has issued a stern warning to its users to steer clear of its platform. The caution comes in the wake of a front-end attack that has put user funds at risk and resulted in the theft of approximately $238,000 worth of cryptocurrency.
The alert was first raised by Balancer on the night of September 19, at precisely 11:49 pm UTC. In a message to its community, the platform urged all users to refrain from interacting with the Balancer protocol’s user interface until further notice.
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!
— Balancer (@Balancer) September 19, 2023
The company has initiated an investigation into the attack but has not yet provided an official statement regarding the extent of the impact on user funds. However, Balancer contributor Cosme Fulanito has unofficially assured the community that Balancer’s vault remains secure, maintaining its integrity at “100% fine.”
Blockchain security experts, including PeckShield and blockchain analyst ZachXBT, have estimated that the attackers managed to siphon off at least $238,000 in cryptocurrency during the breach.
#PeckShieldAlert @Balancer has reported that its frontend is under an attack, ~$238k worth of cryptos were stolen https://t.co/aAaj0Xqery pic.twitter.com/YDIjfnNYM4
— PeckShieldAlert (@PeckShieldAlert) September 20, 2023
Disturbingly, some users have reported encountering a malicious contract prompt while interacting with the website, which resulted in their wallets being drained without authorization.
🚨 Risk alert @Balancer's domain (https://t.co/Ikuh2PEJrv) has been hijacked and it's prompting users to approve a malicious contract that will drain your wallet.
As far as we can tell, protocol funds are safu and the issue is limited to the hijacked front-end. pic.twitter.com/KrBUutj5H0
— exponential.fi (@ExponentialDeFi) September 19, 2023
One victim shared their experience, cautioning others: “If you open the website, it asks you to change the chain where you hold the most amount of money. After that scam transaction is sent, after confirmation, money is gone. Don’t open the website!!!”
Visitors attempting to access the Balancer website are now greeted with a warning sign, emphasizing the severity of the situation.
Repeat Offender: Balancer’s Recent Security Challenges
This incident is the second security breach Balancer has faced in less than a month. The platform previously raised alarms on August 22, alerting users to a critical vulnerability. Just days later, the platform fell victim to an estimated $2 million exploit related to this vulnerability.
In response to the initial breach, Balancer posted on August 27 that it was aware of the exploit and had been taking mitigation measures to minimize risks. However, it noted that affected liquidity pools could not be paused, and to prevent further exploits, users were strongly advised to withdraw from the affected liquidity pools.