Balancer has recovered its domain after a DNS attack that compromised its website and led to the loss of $240,000 in crypto. The compromise resulted from a social engineering attack on EuroDNS, the domain registrar for .fi domains. Balancer is considering moving to a more secure registrar and warns other projects to do the same.
A DNS attack is a type of cyberattack that exploits the Domain Name System (DNS), which is the system that translates domain names into IP addresses.
By hijacking or spoofing the DNS records, an attacker can redirect users to a malicious website that looks like the legitimate one.
This happened to Balancer on Sept. 19, when its website’s frontend was compromised by an unknown hacker who used a social engineering attack on EuroDNS, the domain registrar for .fi domains.
EuroDNS is a Luxembourg-based company that provides domain name registration and DNS services.
The hacker was able to gain access to Balancer’s domain and redirect users or their transactions to a phishing website that looked like Balancer’s interface.
The hacker then induced users to approve and transfer funds to the hacker's Ethereum address using a "transferFrom" function.
According to blockchain security firms SlowMist and CertiK, the hacker also used phishing contracts called Angel Drainer, which are known for draining crypto wallets. The hacker managed to steal about $238,000 worth of crypto from unsuspecting users.
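Because a hijacked frontend looks identical to the real one, the reliable signal is the transaction the site asks the wallet to sign. The following is an added example, not code from Balancer, SlowMist or CertiK: a pre-signing check that decodes standard ERC-20 calldata and warns when an approval or transfer names a contract outside a known-good allowlist. The function names, the allowlist and the sample addresses are assumptions constructed for illustration.

```python
import re

# Standard ERC-20 selectors (first 4 bytes of calldata) and their argument layout.
SELECTORS = {
    "095ea7b3": ("approve", ["spender", "amount"]),
    "23b872dd": ("transferFrom", ["from", "to", "amount"]),
    "a9059cbb": ("transfer", ["to", "amount"]),
}
MAX_UINT256 = 2**256 - 1

def decode_call(calldata_hex):
    """Return (name, args) for a well-formed ERC-20 call, else None."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    entry = SELECTORS.get(data[:8])
    if entry is None or not re.fullmatch(r"[0-9a-f]+", data):
        return None
    name, fields = entry
    body = data[8:]
    if len(body) != 64 * len(fields):
        return None
    args = {}
    for i, field in enumerate(fields):
        word = body[64 * i:64 * (i + 1)]
        if field == "amount":
            args[field] = int(word, 16)
        elif word[:24] == "0" * 24:      # addresses are left-padded to 32 bytes
            args[field] = "0x" + word[24:]
        else:
            return None
    return name, args

def review(calldata_hex, trusted):
    """Warnings a wallet or monitor could raise before the call is signed."""
    decoded = decode_call(calldata_hex)
    if decoded is None:
        return ["calldata is not a recognised ERC-20 call; inspect manually"]
    name, args = decoded
    trusted = {a.lower() for a in trusted}
    warnings = []
    recipient = args.get("spender") or args.get("to")
    if recipient not in trusted:
        warnings.append(f"{name}: {recipient} is not an allowlisted contract")
    if name == "approve" and args["amount"] == MAX_UINT256:
        warnings.append("approve: unlimited allowance requested")
    return warnings

# Constructed sample data: placeholder addresses, not taken from the incident.
KNOWN_CONTRACT = "0x" + "22" * 20
UNKNOWN_SPENDER = "0x" + "11" * 20
SAMPLE_APPROVE = "0x095ea7b3" + "0" * 24 + "11" * 20 + "f" * 64
```

Calling review(SAMPLE_APPROVE, {KNOWN_CONTRACT}) returns two warnings: the spender is not allowlisted and the allowance is unlimited.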
How Balancer Recovered from the Attack
Balancer detected the attack and issued a public notice on Sept. 20, advising users not to interact with its website until further notice.
It also said it was actively addressing the attack and working with all relevant parties to ensure the full recovery of its domain.
After investigation, Balancer confirmed that the attack was a result of a social engineering attack on EuroDNS and not a breach of its smart contracts or backend.
It also said it was exploring deprecating the .fi top-level domain (TLD) and moving to a more secure registrar. It suggested that other projects using the same TLD should do the same.
On Sept. 21, Balancer announced that it had regained control over its domain and brought it back under the control of Balancer DAO, its decentralized autonomous organization.
It also confirmed that its domains “app.balancer.fi” and “balancer.fi” were safe to use again.
The Implications for DeFi
The attack on Balancer is neither the first nor the last DNS attack on DeFi protocols. In July, PancakeSwap and Cream Finance suffered similar attacks that compromised their websites and tried to steal users’ funds.
These attacks show the vulnerability of DeFi protocols to DNS attacks and the need for more security measures.
Balancer’s attack also highlights the importance of choosing a reliable and trustworthy domain registrar and TLD for DeFi protocols.
As Balancer’s founder Fernando Martinelli said,
“For now, we (BLabs founders/investors) don’t vote to avoid any influence on the community’s opinion. However, we are very excited about these swaps that generate long-term alignment between other DAOs and ours.”
Balancer is one of the leading DeFi protocols in terms of total value locked (TVL), with over $1.5 billion as of Sept. 22.
It provides liquidity pools, portfolio management, and price sensors for DeFi users and traders. It also has its own governance token, BAL, which gives holders voting rights in Balancer DAO.