Balancer Cyberattack Leads to $238K Crypto Theft; Blame Placed on DNS Provider
Summary:
Balancer, an Ethereum-based automated market maker, attributes a recent cyberattack on its website to a social engineering ploy against its DNS service provider, EuroDNS. After the intrusion, roughly $238,000 in cryptocurrency was stolen. Balancer has since regained control over its domain and reassured users that its subdomains are safe. The exploiters, believed to be connected to Russia, used Angel Drainer phishing contracts to carry out the attack. Despite Balancer's safety assurances, the website still displays a deceptive-site warning. The company has yet to confirm the total funds lost.
On September 19, Balancer, an Ethereum-focused automated market maker, had its website exploited in what the company attributes to a social-engineering attack on its DNS service provider, leading to the theft of roughly $238,000 in cryptocurrency. After thorough scrutiny, Balancer placed the blame squarely on EuroDNS, the domain registrar for .fi domains. About 8 hours after the first red flags were raised, Balancer's decentralized autonomous organization (DAO) took over managing and resolving the DNS attack and took the necessary steps to reinstate the Balancer user interface. By 5:45 pm UTC on the following day, Balancer reported regaining control of its domain, which was securely back under the Balancer DAO's charge. As added assurance, it confirmed that subdomains such as “app.balancer.fi” and other balancer.fi subdomains were safe to use once more.
Nevertheless, Balancer advised other organizations using the same top-level domain to consider transferring to a more secure registrar. EuroDNS, based in Luxembourg, provides domain name registration and DNS services. EuroDNS had not responded to requests for comment at the time of writing.
The exploiters' use of Angel Drainer phishing contracts was reported by the blockchain security companies SlowMist and CertiK. SlowMist described the attack on Balancer's website as a Border Gateway Protocol (BGP) hijack, a method in which attackers take control of IP address ranges by tampering with internet routing tables. According to SlowMist, the intruders deceived users into "approving" token spending and then moved the funds to the Balancer exploiter through the "transferFrom" function. The attackers, whom SlowMist speculated to be connected to Russia, converted some of the stolen Ether (ETH) to Bitcoin (BTC) addresses via THORChain and later moved the ETH back to Ethereum.
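The "approve" then "transferFrom" sequence above is the standard drainer pattern: a phishing front end asks the victim's wallet for a token allowance, and the attacker's contract then spends that allowance with transferFrom. The in-memory model below, added here as an illustration and not code from Balancer, SlowMist, or the Angel Drainer contracts, reproduces ERC-20 allowance semantics to show why a single phished approval is enough, and pairs it with the allowance audit and revocation a wallet owner would run afterwards. All addresses, balances, and the trusted-spender list are constructed sample values.

```python
"""Model of ERC-20 allowances as abused by approval-phishing drainers, with
the audit/revoke check a defender runs. Added illustration; every address,
balance and trusted spender below is a constructed sample value."""
from dataclasses import dataclass, field

MAX_UINT256 = 2**256 - 1  # "unlimited" approval commonly requested by phishing pages


@dataclass
class Token:
    # Minimal in-memory ERC-20: balances and the allowance[owner][spender] map.
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)

    def approve(self, owner, spender, amount):
        self.allowances.setdefault(owner, {})[spender] = amount
        return True

    def allowance(self, owner, spender):
        return self.allowances.get(owner, {}).get(spender, 0)

    def transfer_from(self, caller, owner, to, amount):
        # Whoever holds a sufficient allowance can move the owner's tokens
        # without any further signature; this is what a phished approve grants.
        allowed = self.allowance(owner, caller)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowances[owner][caller] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def audit_allowances(token, owner, trusted_spenders):
    """Return (spender, amount) pairs granted to addresses outside the trusted
    list. A non-zero allowance to an unknown contract is the thing to hunt for;
    an unlimited one is the typical drainer signature."""
    return [
        (spender, amount)
        for spender, amount in token.allowances.get(owner, {}).items()
        if amount > 0 and spender not in trusted_spenders
    ]


def revoke_untrusted(token, owner, trusted_spenders):
    """Mitigation: zero every untrusted allowance. Returns how many were revoked."""
    findings = audit_allowances(token, owner, trusted_spenders)
    for spender, _ in findings:
        token.approve(owner, spender, 0)
    return len(findings)


def simulate(revoke_first):
    """Walk the drainer flow once; if revoke_first, the owner audits and revokes
    between the phished approval and the attacker's transferFrom call."""
    token = Token(balances={"0xUSER": 1000})
    token.approve("0xUSER", "0xROUTER", 500)            # legitimate DEX router
    token.approve("0xUSER", "0xDRAINER", MAX_UINT256)   # approval signed on the phishing page
    trusted = {"0xROUTER"}
    findings = audit_allowances(token, "0xUSER", trusted)
    if revoke_first:
        revoke_untrusted(token, "0xUSER", trusted)
    try:
        token.transfer_from("0xDRAINER", "0xUSER", "0xDRAINER", 1000)
        drained = True
    except PermissionError:
        drained = False
    return {
        "findings": findings,
        "drained": drained,
        "user_balance": token.balances["0xUSER"],
        "remaining_allowance": token.allowance("0xUSER", "0xDRAINER"),
    }


if __name__ == "__main__":
    print("no audit:   ", simulate(revoke_first=False))
    print("audit+revoke:", simulate(revoke_first=True))
```

The audit only needs on-chain reads (allowance lookups or Approval event history), so it can run continuously against a watchlist of wallets; the revocation is an ordinary approve(spender, 0) transaction signed by the owner. Note that the legitimate router's allowance is left untouched, which is why the trusted list matters: blanket revocation would break normal use while a targeted one removes only the attacker's foothold.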
Notably, despite Balancer's reassurances about the safety of its subdomains and balancer.fi, the website still triggers a “Deceptive site ahead” warning for users trying to access it.
Attempts to get Balancer to confirm the total loss received no immediate response.
Published At
9/21/2023 12:31:48 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.