Blockchain security firms SlowMist and CertiK also believe the crypto wallet drainer Angel Drainer was involved in the estimated $238,000 exploit.
Ethereum-Based Balancer Under Attack, Users Receive Warning
Across their social media channels, Ethereum-based decentralized exchange (DEX) Balancer reported an attack against its front end. The platform confirmed that a Domain Name System (DNS) attack targeted the DEX, preventing users from accessing the DEX.
Ethereum DeFi Under Siege
According to an official post, a team is investigating the DNS attack against Balancer. In the meantime, users were asked to avoid interacting with the DEX’s front end to prevent them from falling victim to the bad actors.
In a DNS attack, bad actors can employ different strategies to compromise the security of a website and drain the users’ crypto wallets. Until the investigation is concluded, the team behind Balancer cannot guarantee that the attackers won’t target users.
The team behind the DEX added the following, confirming the protocol’s Decentralized Autonomous Organization (DAO) involvement in resolving the current situation:
The Balancer DAO is actively addressing the current DNS attack and is working with all relevant parties to ensure the full recovery of the Balancer UI. In the meantime, please DO NOT interact with http://balancer.fi or http://app.balancer.fi until further notice.
Independent crypto investigator ZachXBT reported that over $238,000 had been stolen from the DEX. The investigator confirmed that the funds were sent to this Ethereum address: 0x645710Af050E26bB96e295bdfB75B4a878088d7E.
Further data from Etherscan confirms that the bad actors have begun moving the funds. The individuals use Tornado Cash, another decentralized exchange, to “launder” the stolen funds to gain anonymity.
Pseudonym user Defi_Hanzo was the first to report this development and the first to lose money to the hackers to confirm the DNS attack theory. As seen below, the bad actors took over the Balancer front-end and asked users to change input in the chain where they hold most of their funds.
Once this transaction was completed, bad actors could drain the user’s wallet. DeFi_Hanzo asked the team behind Balancer for a refund after falling victim to the attack.
DeFi’s Public Enemy Number One
Balancer is just one of the many DEX or DeFi applications that have been the victim of some strategy to steal their funds. As Bitcoinist reported, hacks, scams, and other criminal activities in the nascent sector were up 75% by the end of H2 2023 compared to 2022.
Bad actors stole over $650 million over that period, which has continued to rise in the coming months. Of all of the sectors in the crypto industry, DeFi has been the most affected.
The different protocols and applications supported by DeFi platforms lost almost $300 million by the end of H2, 2023. The North Korean affiliate hacker group “Lazarus” has been responsible for many attacks.
As of this writing, Ethereum (ETH) trades at $1,600 with sideways movement in the last 24 hours.
Cover image from Unsplash, chart from Tradingview
DeFi Protocol Balancer Says Web Front End Is ‘Under Attack’
On-chain data appears to show the attacker has stolen over $200,000 from users.
DeFi protocol Balancer frontend is under attack, $238K crypto stolen
The platform notified its community on Sept. 19 at 11:49 pm UTC, urging users to not interact with Balancer’s protocol until further notice.
Balancer Depositors Pull Nearly $100M in Crypto After Vulnerability Warning
Ethereum-based DeFi major Balancer learned of a “critical vulnerability” that imperils a slice of the protocol’s user-deposited crypto.
BREAKING: Balancer V2 Pools Under Threat, LP Users In Race Against Time To Withdraw Funds
Balancer, a decentralized finance (DeFi) protocol operating on the Ethereum blockchain, has recently disclosed a critical vulnerability impacting several of their V2 Pools.
While emergency measures have been implemented successfully to safeguard a significant portion of Total Value Locked (TVL), a portion of funds remains at risk.
As a precautionary measure, Balancer Labs advises users to withdraw their affected Liquidity Provider (LP) funds without delay. It is important to note that, at present, no funds have been lost, and the vulnerability has not been exploited.
Balancer Discovers Critical Vulnerability
According to the announcement, Balancer Labs promptly executed emergency mitigation procedures upon receiving the critical vulnerability report, successfully protecting over 80% of the affected pools. However, approximately 4% of Balancer’s TVL is still exposed to risk.
Balancer has received a critical vulnerability report affecting several V2 Pools.
Emergency mitigation procedures have been executed to secure a majority of TVL, but some funds remain at risk.
Users are advised to withdraw affected LPs immediately.https://t.co/PDzX32gqeS pic.twitter.com/F1f649Wz3L
— Balancer (@Balancer) August 22, 2023
To address this, the Emergency SubDAO 60 swiftly enacted measures to facilitate proportional exits from all impacted pools and implemented a pause on pools that remain within the designated pause window.
While the funds within the mitigated pools (designated as “mitigated”) are believed to be secure, Balancer Labs advises liquidity providers’ users to migrate their holdings to safe pools or initiate immediate withdrawals.
Pools that could not be fully mitigated are labeled as “at risk,” and LPs who are currently part of these affected pools are urged to exit promptly to ensure the safety of their funds.
Furthermore, Balancer Labs has provided a personalized page on their user interface (UI) to assist users in identifying if their connected wallet is associated with any impacted pools. A streamlined withdrawal process has also been established to guide users through the necessary steps.
Ultimately, Balancer Labs plans to publish a comprehensive post-mortem report, detailing the nature of the vulnerability and the steps taken to address it effectively, aiming to provide users with a clear understanding of the incident and the subsequent mitigation efforts.
Following the vulnerability disclosure, Balancer’s native token, bearing the ticker symbol BAL, has experienced a decline of 2.6% in the past few hours. Presently, the token is trading at a value of $3.475.
Featured image from iStock, chart from TradingView.com
DeFi Firms Sign Up to Balancer’s Plan for Tackling Lack of Liquidity
Decentralized finance (DeFi) protocol Balancer has attracted several of its peers with a new tokenomics proposal dubbed the “8020 Initiative.”
Balancer Proposes ‘Permissioned Arbitrage’ to Rescue Inverse Finance’s Frozen Crypto
Automated market maker Balancer is working with a trio of DeFi protocols to rescue crypto frozen since Euler’s massive hack.
DeFi Protocol Balancer Experiences Budget Cuts, Headcount Slashes Ahead of Strategy Pivot
The protocol’s service providers have let go of two front-end engineers as they focus on overhauling the platform’s brand.
Balancer’s Native Coin BAL Resilient Amidst Security Emergency
Balancer’s native token, BAL, appears to be holding up despite the platform’s ongoing security issues. On Friday, Jan. 6, the DeFi project tweeted a statement asking liquidity providers on its platform to withdraw their tokens from certain pools valued at $6.3 million.
Via their official Twitter handle, the decentralized exchange stated there was a security risk that could not be resolved by the platform’s emergency DAO. Thus, they advised LPs to immediately remove their assets from all affected pools.
IMPORTANT: Because of a related issue, LPs of the following pools should remove their liquidity ASAP as the issue cannot be mitigated by the emergency DAO. https://t.co/WcBeBvjdY2
— Balancer (@Balancer) January 6, 2023
BAL Token Holds Its Ground For Now
Earlier today, Balancer confirmed that 85% of the assets in those pools had been moved while still urging LPs to withdraw the remainder as they attempt to resolve the issue at hand. Interestingly, amid the ongoing problem of the decentralized exchange, several investors appeared to have retained their faith in the platform’s native cryptocurrency BAL.
In the last 24 hours following Balancer’s warning, BAL has appeared unaffected, decreasing in value only by 0.13% based on data from CoinMarketCap. At the time of writing, the ERC-20 token is exchanging hands at $5.35, with its market cap value set at $248,354,921, representing only a 0.11% negative change over the last day.
BAL trading at $5.34 | Source: BALUSD chart on Tradingview.com
While it is still too early to determine the effect of the Balancer security problem on BAL’s market performance – especially with the details still unknown – these early signs show that BAL may pull through this period, and investors need not panic.
Is Balancer Experiencing Another Crypto Exploit?
Like every coin in the cryptoverse, there is no given certainty on market patterns. While Balancer has not revealed the nature of the security risk and has assured the public of full disclosure after a successful mitigation, much speculation is still flying around the crypto community.
Many suspect a smart-contract exploit as it won’t be the first the Ethereum-based DEX would fall victim to such. In August 2020, Balancer was hacked, leading to the loss of $500,000 worth of ETH.
However, compared to 2020, when Balancer was still a budding crypto project, the DeFi protocol currently ranks as the fourth biggest decentralized exchange with a TVL value of $1.49 based on data from the DeFi analytics platform Defillama.
If the current fears of exploitation are confirmed, the consequences may be quite drastic for a crypto market that is currently trying to recover after the crash of the FTX exchange late last year.
In November 2022, FTX, formerly one of the biggest cryptocurrency exchanges, collapsed, causing the crypto market to lose billions of dollars. The crash was due to heightened leverage and solvency concerns about FTX’s trading arm Alameda Research, leading to many investors trying to withdraw their assets from the exchange simultaneously, which resulted in a liquidity crisis and, ultimately, bankruptcy.
Featured Image: ICOnow.net, Chart from Tradingview.com
Gnosis, Balancer and PancakeSwap breakout as Bitcoin looks for direction
A series of protocol upgrades and partnership announcements helped to boost GNO, BAL and CAKE even as Bitcoin price searches for support.
Money Legos keep stacking! Finance Redefined 4/21-4/28
Why acquire when you can integrate?
Balancer v2 and Gnosis’ ‘CowSwap’ take aim at MEV with planned integration
The two protocols will collaborate on a joint platform that will combine the best features of each.
Balancer (BAL) price soars to new all-time high: What’s driving the rally?
BAL, the token of the popular automated market maker Balancer, has reached an all-time high due to two major catalysts.
One Big Pool: Balancer’s New Version Cuts Down Transactions and Gas Fees
Version 2 of the DeFi site also has an “asset manager” where idle funds earn yield.
Ocean Protocol and Balancer Want to Do for Data What Uniswap Did for Coins
Ocean Protocol is teaming up with Balancer Labs to create the first automated market maker (AMM) for data.
Market Wrap: Bitcoin Jumps Past $9,400 Despite Weak July Volumes
A short rally popped bitcoin’s price to $9.4K during what’s been a month of sluggish volumes.
What Is Yield Farming? The Rocket Fuel of DeFi, Explained
If all these terms (“DeFi,” “liquidity mining,” “yield farming”) are so much Greek to you, fear not. We’re here to catch you up.
DeFi’s ‘Agricultural Revolution’ Has Ethereum Users Turning to Decentralized Exchanges
Decentralized exchanges (DEXs) are seeing more action than ever thanks to a surge in decentralized finance (DeFi) activity.
Hacker Drains $500K from DeFi Liquidity Provider Balancer
The sophisticated attack exploited a loophole that tricked the protocol into releasing $500,000-worth of tokens.