Balancer regains domain control after DNS attack, weighs registrar switch

The attack prompted the Balancer team to issue a public notice advising users not to interact with the platform’s user interface on Tuesday

article-image

Harvepino/Shutterstock, modified by Blockworks

share

Decentralized finance liquidity protocol Balancer said Wednesday it has regained control over its domain after a DNS attack on Tuesday left its user interface compromised. 

Balancer, in a statement on social media, said its “domain is now secure and back under the control of the Balancer DAO.”

The attack prompted the Balancer team to issue a public notice advising users not to interact with the platform’s user interface while they continued to investigate the incident. 

Balancer attributed the attack to social engineering tactics executed on EuroDNS, a domain registrar for the .fi top-level domain (TLD). Balancer is exploring the deprecation of the .fi TLD in favor of a more secure domain registrar, and is recommending others follow suit.

The “.fi” TLD is the country code specifically designated for Finland. Like other country-code TLDs such as “.uk” for the United Kingdom or “.au” for Australia, “.fi” is primarily intended for entities located within or associated with the designated country.

Blockworks has reached out to learn more, but has yet to receive a response.

Crypto analyst ZachXBT on Tuesday disclosed that stolen funds from the platform were being routed to a specific Ethereum address. The theft reportedly totaled approximately $238,000. 

The attack also triggered fluctuations in the value of Balancer’s native token (BAL), sending the token down by 3.2% from a daily high of $3.44 to $3.27 on Tuesday. The asset has since fallen a further 1.2% to $3.23 on the day.

Balancer’s security incident is the latest in a series of setbacks for the protocol. The platform faced a similar exploit targeting its liquidity pools last month. 

Constructed on the Ethereum blockchain network, Balancer serves dual roles as an automated market maker and a liquidity facilitator. This enables users to conduct token trades directly through its liquidity pools, eliminating the necessity for a conventional order book.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template (11).png

Research

Union’s technical design brings measured improvements to crosschain interoperability. By combining a consensus-verified hub with novel constructs like state lenses and ZK proofs for client updates, Union achieves an interoperability protocol that is highly performant, trust-minimized, and scalable.

article-image

The Google Cloud Web3 lead outlined a new Layer 1 with CME piloting tokenization on its rails

by Blockworks /
article-image

Camp is looking to onboard licensors and creators to monetize their content for AI agents

article-image

The US regulator will use Nasdaq’s system to detect manipulation across derivatives and prediction markets

by Blockworks /
article-image

SOL and HYPE have rebounded, dYdX course corrects (again)

article-image

Over 100 crypto firms and advocates urge Congress to shield open-source builders and non-custodial providers

by Blockworks /
article-image

The probabilities app is finding mainstream success