The Ethereum-based decentralized finance (DeFi) protocol, Balancer, has been hit by a second major security breach within a month, leading to significant losses for its users. The platform’s front-end was targeted in a sophisticated attack that drained user wallets via a malicious contract.
On Tuesday, the hackers managed to move a portion of the stolen funds to the MEXC exchange and bridged funds to Ethereum and Bitcoin. The decentralized exchange Balancer’s domain names were compromised in a Domain Name System (DNS) attack on Monday, redirecting users or their transactions to a malicious destination. Blockchain sleuth ZachXBT reported a loss of $238,000, while Arkham’s inflow data indicated that tokens worth $253,044 had been stolen in total.
The Balancer team first alerted users about the issue on Monday evening and has since been working toward full recovery of the Balancer UI. Users have been advised not to interact with the Balancer UI until further notice. Cloudflare (NYSE:NET) alerts have also been set up to warn users about interacting with the platform.
This breach comes just weeks after Balancer warned its users of a critical vulnerability in its system. Shortly after this revelation, the protocol experienced an exploit related to this vulnerability which reportedly cost them an estimated $2 million.
Despite these incidents, Balancer contributor Cosme Fulanito assured users that Balancer’s vault remains “100% fine.” However, many in the community are anxiously waiting for more official clarifications from the platform.
These breaches serve as stark reminders of the risks associated with the rapidly evolving DeFi sector. With the complex smart contract mechanisms that underpin it, even seemingly secure platforms like Balancer can become targets for sophisticated cyber-attacks. As such, users and platforms alike must exercise extreme caution and regularly review and update their security protocols.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.
