Balancer regains domain control after DNS attack, weighs registrar switch

The attack prompted the Balancer team to issue a public notice advising users not to interact with the platform’s user interface on Tuesday

by Sebastian Sinclair /

September 21, 2023 04:37 am

Harvepino/Shutterstock, modified by Blockworks

Decentralized finance liquidity protocol Balancer said Wednesday it has regained control over its domain after a DNS attack on Tuesday left its user interface compromised.

Balancer, in a statement on social media, said its “domain is now secure and back under the control of the Balancer DAO.”

The attack prompted the Balancer team to issue a public notice advising users not to interact with the platform’s user interface while they continued to investigate the incident.

Newsletter

Subscribe to The Breakdown

Balancer attributed the attack to social engineering tactics executed on EuroDNS, a domain registrar for the .fi top-level domain (TLD). Balancer is exploring the deprecation of the .fi TLD in favor of a more secure domain registrar, and is recommending others follow suit.

The “.fi” TLD is the country code specifically designated for Finland. Like other country-code TLDs such as “.uk” for the United Kingdom or “.au” for Australia, “.fi” is primarily intended for entities located within or associated with the designated country.

Blockworks has reached out to learn more, but has yet to receive a response.

Crypto analyst ZachXBT on Tuesday disclosed that stolen funds from the platform were being routed to a specific Ethereum address. The theft reportedly totaled approximately $238,000.

The attack also triggered fluctuations in the value of Balancer’s native token (BAL), sending the token down by 3.2% from a daily high of $3.44 to $3.27 on Tuesday. The asset has since fallen a further 1.2% to $3.23 on the day.

Balancer’s security incident is the latest in a series of setbacks for the protocol. The platform faced a similar exploit targeting its liquidity pools last month.

Constructed on the Ethereum blockchain network, Balancer serves dual roles as an automated market maker and a liquidity facilitator. This enables users to conduct token trades directly through its liquidity pools, eliminating the necessity for a conventional order book.

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
0xResearch: Alpha in your inbox. Think like an analyst.

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

recent research

Research

Kinetiq Protocol: From LST Infrastructure to HIP-3 Deployer

Kinetiq has established itself as Hyperliquid's dominant liquid staking protocol, holding 82.5% of LST market share with $610M in TVL. The protocol is now expanding beyond its kHYPE staking core into higher take-rate verticals: iHYPE for institutional custody rails, Launch for HIP-3 capital formation, and Markets for builder-deployed perpetuals. We view Markets, launching Jan. 12, as the highest-potential product line given its mechanically scalable, activity-linked unit economics. Near-term revenue remains anchored by kHYPE's KIP-2 fee schedule (~$1.6M annualized), while Markets provides embedded optionality if HIP-3 economics normalize post-Growth Mode. KNTQ's setup is relatively clean: zero insider unlocks until November 2026, 6.2% buyback yield from staking revenue, and cleared airdrop overhang. Risks center on unproven Markets execution, declining kHYPE TVL despite ongoing incentives, and competition from Hyperliquid's native initiatives.

by Shaunda Devens