Balancer website hijack puts users at risk

Balancer’s user interface woes follow an exploit last month targeting its liquidity pools

September 20, 2023 06:05 am

Vladimir Kazakov/Shutterstock, modified by Blockworks

DeFi liquidity protocol Balancer is staring down yet another security vulnerability, this time targeting its user interface.

The platform issued a notice on social media Tuesday evening, urging users not to interact with the main Balancer UI until further notice as they investigate. Investors and users of Balancer are advised to remain vigilant and await further updates.

Crypto sleuth ZachXBT, revealed on X, formerly Twitter, that the stolen funds are being funneled into a specific Ethereum address. Approximately $238,000 has reportedly been pilfered so far.

Analysis of the address shows it currently holds 68 ether (ETH) valued at more than $111,000, based on the current ETH price of $1,636.

Newsletter

Subscribe to The Breakdown

In the last eight hours, a series of ERC-20 token transfers involving the address labeled “Balancer Attacker” can be viewed from Etherscan, a popular analytics tool.

Tokens, including Balancer’s native BAL token, liquid staked ether, Aave’s wrapped tokens, and several others, have so far been transferred in and out of the address.

The developments Wednesday follow a series of assaults against the protocol in recent weeks including an exploit of a critical vulnerability in its v2 pools late last month.

Built on the Ethereum blockchain, Balancer functions as both an automated market maker and a liquidity protocol, allowing users to trade tokens directly from its liquidity pools, without the need for a traditional order book.

In recent hours, Balancer’s native token (BAL) has experienced some volatility, though the full extent of the financial fallout remains to be seen. BAL is down 3.2% on the day from a top of $3.44 to $3.27, exchange data shows.

Balancer is not the first DeFi platform to fall victim to a cyber-attack this year. There has been a noticeable uptick in security breaches targeting DeFi projects in recent months, leading to a broader conversation in the industry about the need for enhanced security measures.

The Balancer team said it is currently investigating the issue, and it’s yet unclear how the attackers managed to exploit the system. Blockworks has reached out to learn more.

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
0xResearch: Alpha in your inbox. Think like an analyst.

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

recent research

Research

Kinetiq Protocol: From LST Infrastructure to HIP-3 Deployer

Kinetiq has established itself as Hyperliquid's dominant liquid staking protocol, holding 82.5% of LST market share with $610M in TVL. The protocol is now expanding beyond its kHYPE staking core into higher take-rate verticals: iHYPE for institutional custody rails, Launch for HIP-3 capital formation, and Markets for builder-deployed perpetuals. We view Markets, launching Jan. 12, as the highest-potential product line given its mechanically scalable, activity-linked unit economics. Near-term revenue remains anchored by kHYPE's KIP-2 fee schedule (~$1.6M annualized), while Markets provides embedded optionality if HIP-3 economics normalize post-Growth Mode. KNTQ's setup is relatively clean: zero insider unlocks until November 2026, 6.2% buyback yield from staking revenue, and cleared airdrop overhang. Risks center on unproven Markets execution, declining kHYPE TVL despite ongoing incentives, and competition from Hyperliquid's native initiatives.

by Shaunda Devens