Balancer Frontend Hit By DNS Attack, Over $250K Stolen

The hackers have moved a portion of the stolen funds to the MEXC exchange and bridged funds to Ethereum and Bitcoin.

By Nivesh Rustgi

2 min read

The front-end websites of popular decentralized exchange (DEX) Balancer were hit by a Domain Name System (DNS) attack on September 19.

Hackers compromised Balancer’s domain names to redirect users or their transactions to a malicious destination.

The Balancer team first alerted users about interacting with the balancer UI yesterday at 7:49 pm EST.

The balancer team updated in a recent tweet that they’re working toward “full recovery of the Balancer UI” and advised users to “NOT interact with http://balancer.fi or http://app.balancer.fi until further notice.”

According to Balancer’s Discord, a Cloudflare alert has been set up to warn users about interacting with “the frontend and wallets have warnings too.”

Independent blockchain sleuth ZachXBT posted the hacker’s address an hour after Balancer’s tweet, reporting a loss of $238,000.

Arkham’s inflow data shows that in total, tokens worth $253,044 have been stolen—indicating that the majority of the exploit happened within the first couple of hours.

The hacker’s address has received multiple stolen assets from networks including Ethereum, Arbitrum, Optimism, Polygon, Base, and Avalanche.

The hackers have transferred nearly $100,000 worth of tokens to another address, which saw deposits worth over $25,000 to the MEXC crypto exchange.

On-chain transactions show the hackers are attempting to bridge funds to Ethereum, on-chain security firm BlockSec told Decrypt.

Security audit company PeckShield found that the hacker also bridged ETH worth $14,500 to Bitcoin using cross-chain protocol Thorchain.

Protecting from DNS attacks

While DNS attacks are uncommon within crypto circles, they’ve occurred before with Curve Finance in August 2022 and PancakeSwap in May 2021.

BlockSec analysts told Decrypt that the DNS attack is “one attack surface, which can trick users. However, it's hard to perform.”

They added that it's unlikely to become a common attack vector, “considering the technical challenge to perform and the attack profit.”

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News