One of the leading decentralized finance (DeFi) protocols, Balancer Protocol – an Ethereum-based automated market maker (AMM), has recorded the second hack in less than a month. In the ongoing hack, cybercriminals have hijacked the front-end website of the DeFi protocol to rob users’ wallets by forcing them to approve malicious contracts.
The Balancer Protocol affirmed the recent hack through its X account (previously known as Twitter) around 11:50 PM UTC on September 19. The DeFi protocol prohibited users from accessing its official website balancer.fi, until the team solves the issue and confirms via a notice.
Blockchain Security Firms Confirm The Stolen Amount
Though Balancer Protocol didn’t disclose any loss of funds, blockchain security firms were on their toes to track the exploiter and update the crypto community.
On-chain sleuth PeckShield shared screenshots on X that the hacker has stolen $238,000 worth of crypto. A few hours later, the crypto security firm shared the hacker-related address in an X post and showed the front-end attacker had swapped another “15.4 $ETH for ~2,730 $AVAX and transferred them to #MEXC Deposit”
Another blockchain security firm, ZachXBT, affirmed the transfer of stolen funds by sharing the hacker address where funds are being directed:
Stolen funds are being directed to this address
0x645710Af050E26bB96e295bdfB75B4a878088d7E
~$238k stolen so far pic.twitter.com/rwMybBaLoA
— ZachXBT (@zachxbt) September 20, 2023
Fortunately, the attacker breached only the front-end website of Balancer Protocol, while the project’s smart contract remains secure. Similarly, a representative of the platform, Cosme Fulanito, assured the 100% security of the protocol’s vault.
One of the protocol’s users who became a victim of this hack explained on X:
If you open the website it asks you to change the chain, where you hold the most amount of money. After that scam transaction is sent, and after confirmation money is gone. Don’t open the website!!!
Balancer Protocol Hit An Attack A Month Ago
On August 27, the Balancer Protocol suffered a flash loan attack, resulting in around $1 million in losses. The team acknowledged the vulnerabilities in the protocol on August 22 and advised users to withdraw funds from affected liquidity pools.
It bears mentioning that the exploiter stole users’ funds less than a week after the Balancer team identified the vulnerabilities and applied necessary measures to mitigate the risk.
Balancer protocol confirmed the attack in a post on the X platform and added:
Balancer is aware of an exploit related to the vulnerability below. Mitigation procedures have drastically reduced risks, but are unable to pause affected pools.
The Balancer Protocol, facing its second attack in the span of a month, highlights the urgent need for better security practices addressing the higher vulnerabilities in the DeFi projects.
According to a PeckShield report, DeFi firms have nearly lost half a billion in the first half of 2023 alone. The report highlighted that the Ethereum blockchain faced the most losses in this time period, estimated at $287 million.
Featured image from Pixabay and chart from TradingView.com