Balancer frontend is being attacked

[bbc.reporter]

Traders and investors who use DeFi to buy their tokens, do not use Balancer because they are undergoing a hacking attack. According to Balancer, only the website is being attacked but their smart contracts have been functioning normally.



ZachXBT, an on-chain researcher, said that user funds are being redirected to an unknown Ethereum account, presumably the attacker’s. Roughly $238,000 is in the account so far.

Balancer’s smart contracts are not compromised, according to a moderator on the project’s Discord. This means that only users interacting with the website are at risk.

Source https://thedefiant.io/hackers-compromise-balancer-website-in-ongoing-exploit

[1714767941]

1714767941

[Husires]

I see they posted a $2 million bounty for discovering bugs but I doubt they would pay hackers to discover these bugs, and oddly enough there is no way to ensure that you are interacting correctly with the service's smart contracts.
These services need to seriously consider their investment in customer security more than interface development and marketing, which seems to be their focus. I saw that there is an amount of $238,000. Is this service popular for daily trading of these amounts? Where is the platform team for not tracking such vulnerabilities.

[Godday]

This is an issue that the service should think about. Digital security. Currently, many similar services have been hacked. The cryptocurrency network is decentralized, which means that if digital security related to user data or transaction security can still be hacked, then people's trust in the service will decrease drastically. I haven't used the Balancer defi protocol since I've been using uniswap but I think this should be a serious concern for any DeFi protocol developer.

[cryptoaddictchie]

I think these scammers are really targeting defi hub right now. Since this months few protocols already been compromise and now even Balancer has been breached. Every protocol out there must upgrade their security measure as they need to defend from this group. You think the one that continously doing this came from a certain group? Like the Lazarus hackers from the North Korea?

[bbc.reporter]

@cryptoaddictchie. On Lazarus of North Korea, I am quite certain anything can be blamed on them by the DOJ or another department to force another executive order very much similar to how the DOJ implied that North Korean hackers were using Tornado Cash to launder their tokens.

I would not be shocked if the official news reported the involvement of Lazarus, however, I would also not be shocked if it was not true hehehe.

[Husires]

This is an issue that the service should think about. Digital security. Currently, many similar services have been hacked. The cryptocurrency network is decentralized, which means that if digital security related to user data or transaction security can still be hacked, then people's trust in the service will decrease drastically. I haven't used the Balancer defi protocol since I've been using uniswap but I think this should be a serious concern for any DeFi protocol developer.

The hack here was not for the smart contract, but rather for the service URL, where the front-end was hacked. when you click on the link, you do not reach the real site, but rather directly to the scammer’s URL, who may ask you for your data, link your wallet, or even seeds.

Decentralized smart contracts cannot be hacked, but the bridges can be manipulated so that all deposits are withdrawn to the scammer’s address, and then some assets are recovered by freezing or tracking them.

@cryptoaddictchie. On Lazarus of North Korea, I am quite certain anything can be blamed on them by the DOJ or another department to force another executive order very much similar to how the DOJ implied that North Korean hackers were using Tornado Cash to launder their tokens.

I would not be shocked if the official news reported the involvement of Lazarus, however, I would also not be shocked if it was not true hehehe.

If Lazarus of North Korea can did this, then they most likely have the capabilities to hack large companies, but I think that mentioning their name in the reports is due to their management of several mixers. These mixers hide the trace of these hackers and some money laundering services.

[cryptoaddictchie]

I would not be shocked if the official news reported the involvement of Lazarus, however, I would also not be shocked if it was not true hehehe.

Probably it is possible they linked it again. Sometimes the media is quite clever and putting blames on the hacker itself but I am finding on chain evidences that are more credible like how zach used to investigate before believing to it. Chances are Government are making it pinned to Lazarus Group but they just wanted to create like you said another executive and finding out reason for it. If theres none make one right? Haha.

[vv181]

DNS attack is an age-old method for a scammer to attack their victim. This is not the first time cryptocurrency platforms have been targeted for DNS attacks, certainly due to the nature of how the money is easily involved in the user process of website usage it became a lucrative target. This also reminds us of how not decentralized defi is.

Now the main question is how and which parts of the chain the hacker is able to penetrate the vulnerability. It is from Balancer's owned domain hosting management account or does it contain the hosting interference, say their employee got socially engineered or something? Would be interesting to see how this would turn out later.

[Husires]

DNS attack is an age-old method for a scammer to attack their victim. This is not the first time cryptocurrency platforms have been targeted for DNS attacks, certainly due to the nature of how the money is easily involved in the user process of website usage it became a lucrative target. This also reminds us of how not decentralized defi is.

I agree with you that defi is not that decentralized but what happened here was a DNS attack and the smart contract has nothing to do with this topic, if anything indicates limited experience or that some of them tried to exploit this vulnerability.

Each party here will blame the other party and the truth will disappear between them, but it is a sufficient signal to stop using this service.

[vv181]

DNS attack is an age-old method for a scammer to attack their victim. This is not the first time cryptocurrency platforms have been targeted for DNS attacks, certainly due to the nature of how the money is easily involved in the user process of website usage it became a lucrative target. This also reminds us of how not decentralized defi is.

I agree with you that defi is not that decentralized but what happened here was a DNS attack and the smart contract has nothing to do with this topic, if anything indicates limited experience or that some of them tried to exploit this vulnerability.

Each party here will blame the other party and the truth will disappear between them, but it is a sufficient signal to stop using this service.

I did not say and meant any of the smart contracts being penetrated. I mean that the way the decentralized finance platform currently works is still utilising a centralized protocol, although since it became the norm people still call it "defi".

Regarding the hack, technically it should be feasible to seek the root cause of the incident, it is only the matter of each party to address the concerning matter truthfully. The latest update by Balance said their DNS registrar got hijacked. They claim it in a clear manner.

After investigation it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs.

We are exploring deprecating the .fi TLD in order to move to a more secure registrar and suggest that other projects using the TLD do the same.

So, since EuroDNS hasn't made a press release, let's see how they handle the accusation by the Balancer team.

[wallet4bitcoin]

I saw the news of balancer being hacked again, I wonder what's the hack for these days.
Now and again, there are cases of hacks in the space, I think it has connections from within those projects.

I know projects are targeted often but for projects that are not trending, I think it's not just a random attack but one that is aided from within its network of workers.