On September 19, 2023, Balancer, an Ethereum-based decentralized finance (DeFi) protocol, notified its community that its frontend was under attack. The platform urged users not to interact with the Balancer protocol until further notice.
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!
— Balancer (@Balancer) September 19, 2023
The details of the attack are still under investigation, but blockchain security firm PeckShield has estimated that at least $238,000 in crypto has been stolen so far. Some users have reported that when interacting with the website, they were prompted to approve a malicious contract that drained their wallets.
#PeckShieldAlert @Balancer has reported that its frontend under an attack, ~$238k worth of cryptos were stolen https://t.co/aAaj0Xqery pic.twitter.com/YDIjfnNYM4
— PeckShieldAlert (@PeckShieldAlert) September 20, 2023
Balancer has not yet officially commented on whether user funds were affected, but Balancer contributor Cosme Fulanito has reportedly confirmed that Balancer’s vault remains “100% fine.”
How did the attackers get away with it?
The attackers are believed to have hijacked Balancer’s domain name (balancer.fi) and redirected users to a malicious website. This website was designed to look like the real Balancer website, but it contained malicious code that prompted users to approve a malicious contract. When users approved the contract, the attackers were able to steal their funds.
What are the implications of this attack?
This attack is a reminder of the risks associated with using DeFi protocols. DeFi protocols are decentralized, meaning that they are not controlled by any single entity. This makes them resistant to censorship and fraud, but it also means that they are more vulnerable to attack.
This attack also highlights the importance of users being vigilant and aware of the risks involved in using DeFi. Users should always be careful about approving contracts and should only use reputable and well-established protocols.
What can be done to prevent future attacks?
There are a number of things that can be done to prevent future attacks on DeFi protocols. One is to improve the security of the protocols themselves. This includes using more secure code and auditing the code regularly for vulnerabilities.
Another important step is to educate users about the risks of DeFi and how to protect themselves. Users should be aware of the different types of attacks that can occur and how to identify them. They should also be careful about approving contracts and should only use reputable and well-established protocols.
Finally, it is important to have a plan in place for responding to attacks. This includes having a way to identify and stop attacks quickly, as well as a way to compensate users who have lost funds.
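The advice above about being careful when approving contracts can be made concrete by decoding an approval request before it is signed. The following is an added example, not code from Balancer or from the original article. It assumes the prompt is a standard ERC-20 approve or increaseAllowance call or an NFT setApprovalForAll call (the article does not say which), and the allowlist, addresses and calldata are constructed placeholders.

```javascript
// Added example: selectors are the standard ERC-20 / ERC-721 ones; all addresses
// and calldata below are constructed placeholders, not data from the incident.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode pending-transaction calldata and rate any token approval it contains.
function inspectApproval(calldata, trustedSpenders) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) {
    return { call: null, risk: "block", reasons: ["calldata is not valid hex"] };
  }
  const call = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!call) return { call: null, risk: "none", reasons: [] }; // not an approval
  // Both arguments are static 32-byte words, so exactly 128 hex chars must follow.
  const args = hex.slice(8);
  if (args.length !== 128) return { call, risk: "block", reasons: ["malformed arguments"] };
  const spender = "0x" + args.slice(24, 64); // address = low 20 bytes of word 0
  const value = BigInt("0x" + args.slice(64)); // amount, or 0/1 for the bool
  const badPadding = !/^0{24}$/.test(args.slice(0, 24));
  // Zero amount / false revokes (or adds nothing), whoever the spender is.
  if (value === 0n && !badPadding) return { call, spender, value, risk: "ok", reasons: [] };
  const known = trustedSpenders.some((a) => a.toLowerCase() === spender);
  const reasons = [];
  if (badPadding) reasons.push("non-zero address padding");
  if (!known) reasons.push("spender is not on the allowlist");
  if (call.startsWith("setApprovalForAll")) {
    reasons.push("operator gains control of every token in the collection");
  } else if (value === MAX_UINT256) {
    reasons.push("unlimited allowance");
  }
  const risk = badPadding || !known ? "block" : reasons.length ? "warn" : "ok";
  return { call, spender, value, risk, reasons };
}

// Constructed sample requests.
const TRUSTED = ["0x1111111111111111111111111111111111111111"];
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const UNKNOWN_UNLIMITED = "0x095ea7b3" + word("0x2222222222222222222222222222222222222222") + "f".repeat(64);
const TRUSTED_BOUNDED = "0x095ea7b3" + word(TRUSTED[0]) + word("0x0de0b6b3a7640000");

for (const tx of [UNKNOWN_UNLIMITED, TRUSTED_BOUNDED]) {
  const r = inspectApproval(tx, TRUSTED);
  console.log(r.risk, r.spender, r.reasons.join("; "));
}
```

A check like this only helps if the allowlist comes from a source that does not depend on the website being visited, since a hijacked frontend controls everything it displays.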
Conclusion
The attack on Balancer is a reminder of the risks associated with using DeFi protocols. However, it is important to note that DeFi protocols are still in their early stages of development and that the security of these protocols is constantly improving.
Users should take steps to protect themselves from DeFi attacks, such as only using reputable protocols and being careful about approving contracts. However, users should also be aware that the risks of DeFi are inherent and that there is no guarantee that they will not lose their funds.