For the second time in a month, hackers have stolen funds from Balancer liquidity pools.
Users were initially warned not to interact with the DeFi protocol in light of an exploit that has compromised its web interface, although Balancer has since claimed to have regained control. Yet despite reassurances, some are questioning the platform’s security following the recent attacks.
In a social media update on Wednesday evening, September 20, 2023, Balancer confirmed what many had already concluded—that a DNS hack was behind the latest security breach.
Expanding on what happened, Balancer blamed a social engineering attack on EuroDNS, a popular registrar for .fi domains.
Although initially intended to designate a Finnish website, the top-level domain (TLD) .fi has proven popular among DeFi projects.
Balancer’s latest update assured users that it had regained control of its website, which it said is now safe to use.
However, going forward, Balancer said it is exploring a move away from the .fi domain. In a dig at EuroDNS, the post implied Balancer will migrate to “a more secure registrar.” It also recommended that other projects using the .fi TLD do the same.
EuroDNS did not immediately respond to a request for comment.
The recent incident underscores concerns among proponents of decentralized hosting services. Regardless of how open and decentralized a tool’s backend may be, a centrally administered primary interface can become a single point of failure, contradicting the DeFi ethos.
In a statement on Wednesday, September 20, Balancer Labs reported a frontend attack and cautioned against using the liquidity optimization protocol while the incident is investigated.
According to the blockchain security firm PeckShield, around $238 worth of cryptocurrency has been swiped via the Balancer vulnerability.
A wallet address identified as belonging to the attacker was actively moving funds as recently as 6:11 UTC. The address appears to be swapping ETH for AAVE and using Tornado Cash to obscure the trail of the stolen assets.
For Balancer, the latest incident represents the second major security breach in the space of four weeks.
Previously, on August 22, Balancer asked users to remove funds from certain liquidity pools after the discovery of a critical vulnerability.
A day later, the firm announced that the vulnerability had not been exploited and that “over 97% of liquidity initially deemed vulnerable is now SAFE.”
Unfortunately, the jubilation didn’t last long.
On August 27, Balancer announced that the vulnerability had in fact been exploited. The company once again asked users to withdraw funds from the at-risk liquidity pools to protect against further thefts.
In a post-mortem analysis of the August incident, Balancer reported that Ethereum Mainnet losses stood at around $980,000. A further $215,000 worth of crypto was drained via the Optimism Layer 2 network.
Although Balancer has yet to comment on the specific details of the latest hack, the reference to a “front end” attack implies that it targeted weaknesses in the user interface rather than the smart contract code.
Comments on Balancer’s tweet refer to security flaws in Web2 protocols such as the Domain Name System (DNS).
In recent years, advances in blockchain-based web hosting and the development of decentralized DNS servers have amplified calls for DeFi projects to embrace Web3 technologies like IPFS.
With DeFi’s focus on decentralization and the recognition that Web2 protocols may not meet security needs, decentralized web hosting solutions could address challenges faced by platforms like Balancer.