Balancer blames ‘social engineering attack’ on DNS provider for website hijack


The team behind Balancer, an Ethereum-based automated market maker, believes a social engineering attack on its DNS service provider led to the compromise of its website’s front end on Sept. 19, resulting in an estimated $238,000 in crypto stolen.

“After investigation, it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs,” the firm explained in a Sept. 20 X post.

Approximately eight hours after the first warning of the attack, Balancer said its decentralized autonomous organization (DAO) was actively addressing the DNS attack and was working to recover the Balancer UI.

At 5:45 pm UTC on Sept. 20, Balancer said it was successful in securing the domain and bringing it back under the control of Balancer DAO. It also confirmed its subdomains “app.balancer.fi” and “balancer.fi” are safe to use again.

However, it suggested any other projects using the same top-level domain should consider moving to a more secure registrar. 

EuroDNS is a Luxembourg-based domain name registrar and DNS service provider. Cointelegraph has reached out to EuroDNS for comment.

Angel Drainer involved

Blockchain security firms SlowMist and CertiK reported that the attacker employed Angel Drainer phishing contracts.

SlowMist said the exploiters attacked Balancer’s website via Border Gateway Protocol hijacking — a process where hackers take control of IP addresses by corrupting internet routing tables.

The hackers then induced users to “approve” and transfer funds via the “transferFrom” function to the Balancer exploiter, it explained.
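
A wallet-side check for the approve/transferFrom pattern described above, as an added example that is not from the article, Balancer or SlowMist. The flag names, the allowlist approach and every sample address are assumptions constructed for illustration; only the two standard ERC-20 function selectors are real.

```python
# Added example: flag ERC-20 calls matching the approve/transferFrom drain pattern.
APPROVE = bytes.fromhex("095ea7b3")        # approve(address spender, uint256 amount)
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address from, address to, uint256 amount)
MAX_UINT256 = 2**256 - 1

def _args(data, count):
    """Split the ABI-encoded argument area into exactly `count` 32-byte words."""
    body = data[4:]
    if len(body) != 32 * count:
        raise ValueError("unexpected calldata length")
    return [body[i:i + 32] for i in range(0, len(body), 32)]

def _address(word):
    """An ABI address is 20 bytes right-aligned in a zero-padded 32-byte word."""
    if any(word[:12]):
        raise ValueError("non-zero padding in address word")
    return "0x" + word[12:].hex()

def review_call(calldata_hex, wallet, allowlist):
    """Return risk flags for one ERC-20 call; allowlist holds addresses the user trusts."""
    hexstr = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(hexstr)
    trusted = {a.lower() for a in allowlist}
    flags = []
    if data[:4] == APPROVE:
        spender_w, amount_w = _args(data, 2)
        spender, amount = _address(spender_w), int.from_bytes(amount_w, "big")
        if amount == 0:
            return flags  # approve(spender, 0) revokes an allowance
        if spender not in trusted:
            flags.append("UNTRUSTED_SPENDER")
        if amount == MAX_UINT256:
            flags.append("UNLIMITED_ALLOWANCE")
    elif data[:4] == TRANSFER_FROM:
        src_w, dst_w, _amount_w = _args(data, 3)
        if _address(src_w) == wallet.lower() and _address(dst_w) not in trusted:
            flags.append("PULL_TO_UNTRUSTED_RECIPIENT")
    return flags

# Constructed sample values (hypothetical, not taken from the incident).
WALLET = "0x" + "aa" * 20
KNOWN_ROUTER = "0x" + "11" * 20
PAD = "00" * 12
DRAIN_APPROVE = "0x095ea7b3" + PAD + "ee" * 20 + "ff" * 32
DRAIN_PULL = "0x23b872dd" + PAD + "aa" * 20 + PAD + "ee" * 20 + "00" * 31 + "0f"

if __name__ == "__main__":
    for sample in (DRAIN_APPROVE, DRAIN_PULL):
        print(review_call(sample, WALLET, [KNOWN_ROUTER]))
```

The approve branch is what a wallet would evaluate before signing; the transferFrom branch applies to transactions observed on-chain that pull tokens out of the monitored wallet.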

The hacker, whom SlowMist believes may be related to Russia, has already bridged some of the stolen Ether (ETH) to Bitcoin (BTC) addresses via THORChain before eventually bridging the ETH back to Ethereum, the blockchain security firm explained on Sept. 20.

SlowMist stated in an earlier post that the hacker transferred about 15 wrapped-Ether (wETH.e) on the Avalanche blockchain.

Meanwhile, despite Balancer confirming that its subdomains on “balancer.fi” are now safe, the “Deceptive site ahead” warning still appears when attempting to access Balancer’s website.

Balancer’s website as of Sept. 20 at 10:22 pm UTC. Source: Balancer.

Cointelegraph reached out to Balancer to confirm the amount of funds lost, but did not receive an immediate response.
