Balancer website hijack puts users at risk

Balancer’s user interface woes follow an exploit last month targeting its liquidity pools

article-image

Vladimir Kazakov/Shutterstock, modified by Blockworks

share

DeFi liquidity protocol Balancer is staring down yet another security vulnerability, this time targeting its user interface. 

The platform issued a notice on social media Tuesday evening, urging users not to interact with the main Balancer UI until further notice as they investigate. Investors and users of Balancer are advised to remain vigilant and await further updates.

Crypto sleuth ZachXBT, revealed on X, formerly Twitter, that the stolen funds are being funneled into a specific Ethereum address. Approximately $238,000 has reportedly been pilfered so far. 

Analysis of the address shows it currently holds 68 ether (ETH) valued at more than $111,000, based on the current ETH price of $1,636.

In the last eight hours, a series of ERC-20 token transfers involving the address labeled “Balancer Attacker” can be viewed from Etherscan, a popular analytics tool. 

Tokens, including Balancer’s native BAL token, liquid staked ether, Aave’s wrapped tokens, and several others, have so far been transferred in and out of the address.

The developments Wednesday follow a series of assaults against the protocol in recent weeks including an exploit of a critical vulnerability in its v2 pools late last month.

Built on the Ethereum blockchain, Balancer functions as both an automated market maker and a liquidity protocol, allowing users to trade tokens directly from its liquidity pools, without the need for a traditional order book.

In recent hours, Balancer’s native token (BAL) has experienced some volatility, though the full extent of the financial fallout remains to be seen. BAL is down 3.2% on the day from a top of $3.44 to $3.27, exchange data shows.

Balancer is not the first DeFi platform to fall victim to a cyber-attack this year. There has been a noticeable uptick in security breaches targeting DeFi projects in recent months, leading to a broader conversation in the industry about the need for enhanced security measures.

The Balancer team said it is currently investigating the issue, and it’s yet unclear how the attackers managed to exploit the system. Blockworks has reached out to learn more.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2023

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research Report Cover Vertex.jpg

Research

The proliferation of new perp DEXs has led to fragmented liquidity across various DEXs and chains. Vertex, known for its vertically-integrated DEX that includes spot, perpetual, and integrated money markets, is now tackling cross-chain liquidity fragmentation through horizontal integration with the launch of new Edge instances. Vertex's integrated offerings and cross-margined account structure amplify the benefits of new instances: native cross-chain spot trading, optimized cross-chain basis trading, consistent interest rates, reduced bridging friction, and more.

article-image

Partnering with EtherFi and Angle, the fully on-chain perp DEX features bespoke collateral

article-image

Sponsored

Gavin Wood introduced the next evolutionary step for the Polkadot network: the Join-Accumulate Machine, or JAM

article-image

The side events were the places to be at Consensus 2024, according to attendees

article-image

Also, who’s come out swinging in the spot ether ETF fee war — and who could undercut them

article-image

I know it is not in their nature, but US regulators could learn a lot by researching the digital asset frameworks that overseas regulators have already gotten right

article-image

Also, the ETF hype train can count out at least one member