Balancer, the decentralized finance (DeFi) protocol built on the Ethereum platform, has encountered a security breach, marking the second such incident in under a month.
In response to the attack detected on its frontend, the platform issued a cautionary notice to its users, advising them to abstain from engaging with the Balancer user interface until further updates are provided.
The breach was brought to the attention of the community on September 19th, at approximately 11:49 pm UTC.
Crypto Theft Totals $238,000
Though a comprehensive assessment of the attack is underway, it has sparked apprehension among users and the wider DeFi community.
Leading blockchain security companies such as PeckShield, along with blockchain analyst ZachXBT, have estimated the value of the stolen cryptocurrency at around $238,000.
The attack’s method appears to revolve around the hijacking of the Balancer domain, specifically Balancer.fi.
Users who visited the compromised website unwittingly encountered a prompt to approve a malicious contract, ultimately facilitating the unauthorized transfer of funds from their wallets.
Reports from affected users suggest that this deceptive tactic has been disturbingly effective.
While the investigation into the incident is ongoing, Cosme Fulanito, a contributor to Balancer, has offered some reassurance by stating that the protocol’s vault remains unaffected. However, official confirmation from the company is still pending, leaving the status of user funds within the protocol uncertain.
This security breach serves as an unsettling sequel to Balancer’s recent scare in August, when the protocol issued a warning about a critical vulnerability. Mere days after that warning, the platform fell victim to an estimated $2 million exploit linked to the vulnerability.
Although efforts were made to implement mitigation measures and reduce risks, certain liquidity pools affected by the exploit could not be paused, necessitating an urgent withdrawal advisory for users.
The Balancer team has drawn valuable lessons from the previous incident and has taken prompt action to investigate and contain the current breach. Users are strongly advised to exercise extreme caution, refraining from any interactions with the platform’s user interface until the situation is fully resolved. This incident underscores the ongoing challenge of ensuring security and trust within the ever-evolving DeFi landscape.