Key takeaways:
- After being attacked on its front end, the Ethereum-based DeFi protocol Balancer advises users not to visit its website.
- Blockchain security companies like PeckShield and blockchain researcher ZachXBT have lost at least $238,000 in cryptocurrencies.
After being attacked on its front end, the Ethereum-based DeFi protocol Balancer advises users not to visit its website.
On September 19, the platform informed its community and urged users to refrain from using the Balancer user interface until further notice.
According to Balancer, the attack’s specifics are being looked into. Although the company hasn’t officially stated whether customer assets were impacted, Balancer contributor Cosme Fulanito is said to have certified that the vault is still “100% fine.”
When users try to access the Balancer website, a caution message appears. Some customers claim that they are asked to approve a harmful contract that depletes their bank accounts upon using the website.
The investigation into the attack’s specifics is ongoing, and whether user money has been compromised is unknown. However, according to estimates from blockchain security companies like PeckShield and blockchain researcher ZachXBT, at least $238,000 in cryptocurrencies have been lost.
PeckShieldAlert reports that MEXC, a cryptocurrency exchange, sent 1.04 $AVAX to the attacker’s associated address, 0xf998. A recent update noted that the hacker converted 15.4 $ETH into roughly 2,730 $AVAX before sending the money to MEXC’s deposit address.
What other users have purportedly gone through was described by an industry expert as follows:
“If you open the website it asks you to change the chain, where you hold the most amount of money. After that scam transaction is sent, after confirmation money are gone. Don’t open the website!!!”
This is Balancer’s second attack in less than a month after it issued a severe vulnerability warning on August 22 and was the target of a $2 million vulnerability-related hack two days later.
On August 27, the protocol’s team announced on X that “Balancer is aware of an exploit related to the vulnerability below,” adding that while risk-mitigation steps recently implemented had significantly decreased risks, vulnerable pools could not be halted. Additionally, the platform advised users to withdraw their funds after identifying a severe security flaw.
