{"id":84749,"date":"2023-09-20T12:19:21","date_gmt":"2023-09-20T09:19:21","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=84749"},"modified":"2025-09-12T19:14:06","modified_gmt":"2025-09-12T16:14:06","slug":"balancer-loses-238000-in-frontend-attack","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/balancer-loses-238000-in-frontend-attack\/","title":{"rendered":"Balancer loses $238,000 in frontend attack"},"content":{"rendered":"<p>In the early hours of September 20, the Balancer DeFi protocol team announced that the <span data-descr=\"the frontend\u2014the external layer of the product that the user interacts with on the web page or in the app\" class=\"old_tooltip\">frontend<\/span> had been hacked and urged users to refrain from further use of the platform&#8217;s interface.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!<\/p>\n<p>\u2014 Balancer (@Balancer) <a href=\"https:\/\/twitter.com\/Balancer\/status\/1704281611326357567?ref_src=twsrc%5Etfw\">September 19, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to on-chain data studied by analyst ZachXBT, the loss totaled about $238,000.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">Stolen funds are being directed to this address<\/p>\n<p>0x645710Af050E26bB96e295bdfB75B4a878088d7E<\/p>\n<p>~$238k stolen so far <a href=\"https:\/\/t.co\/rwMybBaLoA\">pic.twitter.com\/rwMybBaLoA<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1704286832844828914?ref_src=twsrc%5Etfw\">September 20, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Balancer&#8217;s 
developers are still investigating the incident, and it is not yet known whether user funds were affected. A project representative in the Discord channel, Cosme Fulanito, <a href=\"https:\/\/twitter.com\/DefiantNews\/status\/1704305237929173479\">confirmed<\/a> that the treasury was 100% in order.<\/p>\n<p>Balancer is a community-governed protocol on the Ethereum network, launched in 2020. It functions as an automated portfolio manager, liquidity provider and price tracker.<\/p>\n<p>The platform supports seven <span data-descr=\"Ethereum Virtual Machine \u2014 the Ethereum virtual machine\" class=\"old_tooltip\">EVM<\/span>-compatible networks. According to <a href=\"https:\/\/defillama.com\/protocol\/balancer-v2\">DeFi Llama<\/a>, the total value of assets locked in Balancer v2 stands at $608 million.<\/p>\n<p>The protocol also has a governance token, BAL. According to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/balancer\">CoinGecko<\/a>, at the time of writing the token traded at about $3.27, down 2.5% over the past 24 hours.<\/p>\n<p>Following the frontend hack, some users reported that interacting with the website prompted them to approve a malicious contract that drains funds from wallets.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Massive Balancer HACK ?<a href=\"https:\/\/twitter.com\/Balancer?ref_src=twsrc%5Etfw\">@Balancer<\/a> was hacked<\/p>\n<p>If you open the website it asks you to change the chain, where you hold the most amount of money<\/p>\n<p>After that scam transaction is sent, after confirmation money are gone<\/p>\n<p>Don&#8217;t open the website!!!<\/p>\n<p>Maximum repost <a href=\"https:\/\/t.co\/d0jYDTeatf\">pic.twitter.com\/d0jYDTeatf<\/a><\/p>\n<p>\u2014 Hanzo \u3297\ufe0f (@DeFi_Hanzo) <a href=\"https:\/\/twitter.com\/DeFi_Hanzo\/status\/1704283649590411666?ref_src=twsrc%5Etfw\">September 19, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" 
charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abIf you open the website, it will ask you to change the chain in which you hold the largest amount of assets. After you confirm the fraudulent transaction, the money will disappear. Do not open the site\u00bb, warned one community member.<\/p>\n<\/blockquote>\n<p>For a time, a phishing warning appeared when users attempted to open Balancer in a browser.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"705\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/420bfa84-3eba-4051-8a78-8fdf358d3da5-1024x705.png\" alt=\"420bfa84-3eba-4051-8a78-8fdf358d3da5\" class=\"wp-image-216251\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/420bfa84-3eba-4051-8a78-8fdf358d3da5-1024x705.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/420bfa84-3eba-4051-8a78-8fdf358d3da5-300x207.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/420bfa84-3eba-4051-8a78-8fdf358d3da5-768x529.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/420bfa84-3eba-4051-8a78-8fdf358d3da5.png 1224w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Data: balancer.fi.<\/figcaption><\/figure>\n<p>On-chain data show that the hacker transferred part of the funds to the Avalanche blockchain as <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-a-wrapped-token\">wrapped<\/a> ETH and carried out a test transaction via the mixer <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-the-tornado-cash-mixer-and-why-was-it-sanctioned\">Tornado Cash<\/a>.<\/p>\n<p>This is already the second attack on Balancer in the past month. On August 22, the project team <a href=\"https:\/\/u1f987.com\/en\/news\/balancer-team-urged-users-to-withdraw-funds-from-pools\">reported<\/a> a bug related to liquidity pools. 
Assets deployed on Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom and zkEVM were at risk. Experts <a href=\"https:\/\/u1f987.com\/en\/news\/balancer-hack-estimated-at-900000\">estimated<\/a> the damage from the breach at $900,000.<\/p>\n<p>Following the recent incident, HashKey co-founder Ben El-Baz asked how to defend against attacks on the Web 2.0 interfaces of applications when using digital assets.<\/p>\n<p>The lead developer and founder of Dappling Network, known as 0xBookland, advised ordinary users to employ security extensions such as Joinfire. He urged protocols to improve website update monitoring and threat-alert systems.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">For users, there are some extensions like <a href=\"https:\/\/twitter.com\/_joinfire?ref_src=twsrc%5Etfw\">@_joinfire<\/a> <\/p>\n<p>For protocols, the best solution is probably setting up monitoring that:<\/p>\n<p>* Looks at where the frontend is pointing to<br \/>* What contracts the frontend is interacting with<\/p>\n<p>and if those don&#8217;t ever match what is expecting, sent\u2026<\/p>\n<p>\u2014 russell ( bookland ) (@0xBookland) <a href=\"https:\/\/twitter.com\/0xBookland\/status\/1704384824234918364?ref_src=twsrc%5Etfw\">September 20, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abOn-chain <span data-descr=\"Domain Name System \u2014 the system of domain names\" class=\"old_tooltip\">DNS<\/span> is no longer simply an option; it is a necessity. 
This was a 100% DNS hijack\u00bb, say Decentraweb representatives.<\/p>\n<\/blockquote>\n<p>Earlier, an unknown attacker <a href=\"https:\/\/u1f987.com\/en\/news\/dex-cypher-loses-1-million-in-hack\">attacked<\/a> the Solana-based decentralized exchange Cypher and siphoned off about $1 million in crypto assets.<\/p>\n<p>Recall that in August, the yield aggregator Zunami Protocol <a href=\"https:\/\/u1f987.com\/en\/news\/defi-protocol-zunami-loses-2-1-million-in-exploit\">was hacked<\/a>, losing digital assets worth $2.1 million.<\/p>\n<p>In the same month, a hacker <a href=\"https:\/\/u1f987.com\/en\/news\/defi-project-exactly-protocol-hacked-for-12-million\">broke into<\/a> the DeFi project Exactly Protocol for $12 million, exploiting a vulnerability in the smart contract.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the early hours of September 20, the Balancer DeFi protocol team said the frontend had been hacked and urged users to refrain from further use of the platform&#8217;s interface.<\/p>\n","protected":false},"author":1,"featured_media":84750,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1150],"class_list":["post-84749","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-news-plus"],"aioseo_notices":[],"amp_enabled":true,"views":"41","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/84749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2
\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=84749"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/84749\/revisions"}],"predecessor-version":[{"id":84751,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/84749\/revisions\/84751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/84750"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=84749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=84749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=84749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}