Balancer: Second attack causes losses of over $200k
- Balancer’s user interface has come under attack with malicious contracts deployed.
- Balancer’s TVL and transactions have stayed stable despite the attack.
Balancer [BAL] has recently been thrown off balance yet again, with another attack on the Decentralized Finance (DeFi) platform.
Is your portfolio green? Check out the BAL Profit Calculator
Balancer under attack
On 20 September, a post on X (formerly Twitter) by Exponential DeFi highlighted the hack of the Balancer domain. The post indicated that the hackers were prompting users to approve harmful contracts designed to siphon funds from their wallets.
? Risk alert @Balancer 's domain (https://t.co/Ikuh2PEJrv) has been hijacked and its prompting users to approve a malicious contract that will drain your wallet.
As far as we can tell, protocol funds are safu and the issue is limited to the hijacked front-end. pic.twitter.com/KrBUutj5H0
— Exponential DeFi (@ExponentialDeFi) September 19, 2023
At the time of this initial post, Balancer had not issued an official response, but one was subsequently posted.
In their official statement, the Balancer team confirmed that their frontend was indeed under attack. They cautioned users against engaging with the platform’s user interface (UI) until further notice.
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!
— Balancer (@Balancer) September 19, 2023
Balancer bleeds over $200,000
In spite of the platform’s warnings, the attacker managed to successfully transfer some funds. A report from PeckShieldAlert revealed that the attacker had made off with approximately $238,000 worth of cryptocurrency.
As per the tracked wallet, the attacker initially received 1.04 Avalanche [AVAX], valued at approximately $9, which appeared to be a test transfer. Subsequently, the attacker exchanged 15.4 Ethereum [ETH] for over 2,700 AVAX and then sent these funds to the MEXC deposit.
#PeckShieldAlert @Balancer has reported that its frontend under an attack, ~$238k worth of cryptos were stolen https://t.co/aAaj0Xqery pic.twitter.com/YDIjfnNYM4
— PeckShieldAlert (@PeckShieldAlert) September 20, 2023
Notably, this marked the second attack on the network in less than a month. Balancer had previously issued a warning about a vulnerability on 22 August, which put $2.8 million, equivalent to 0.42% of its total value locked (TVL), at risk.
In their announcement on 24 August, users were strongly advised to “withdraw ASAP” if they had connected their wallets to affected liquidity provider (LP) pools.
Impact on TVL?
Data from DeFiLlama revealed that the initial hack experienced by Balancer had a noticeable impact on its Total Value Locked (TVL) and transaction activity.
Around 22 August, the TVL dipped from approximately $850 million to about $840 million. By 24 August, it had further declined to around $670 million.
Concurrently, the number of transactions surged to over 3,000 on 22 August, compared to the previous average of 2,000 transactions.
However, as of this writing, the TVL and transaction patterns appeared to have returned to normal. The TVL stood at around $710 million, and the number of transactions had reduced to approximately 1,600.
This indicated that the attack has not had any effect on these metrics, at least for now.
How much are 1,10,100 BALs worth today?
How BAL has trended
Balancer’s native token BAL has maintained a consistent trend on its daily timeframe chart. Trading at approximately $3.2 at press time, it experienced a slight loss of less than 1%, and the preceding trading session also concluded with a loss.
Furthermore, it has been consistently trending below the neutral line on its Relative Strength Index (RSI) since around July. As of this writing, there have been no significant changes or noticeable spikes in its movement.