On September 19, the website of the Balancer decentralised exchange was hacked due to a vulnerability in its frontend. The resulting damage is estimated at about $238,000. This is not the first attack on the project.
Balancer is a decentralised exchange launched on Ethereum in 2018. Currently, it is running on seven blockchains. As of today, the Total Value Locked (TVL) of this DEX is $703 million, with a trading volume exceeding $28 billion. The platform’s native token, BAL, is distributed as rewards to liquidity providers and allows participation in the protocol’s DAO.
In fact, Balancer functions similarly to Uniswap but has distinctive features. For example, liquidity pools can consist of up to eight tokens.
How Balancer was hacked
This attack stemmed from a vulnerability in the frontend. The attackers managed to change the website's logic so that it still appeared normal to users while its actual behaviour had been compromised.
The term “frontend” refers to the part of the site that users directly interact with. The frontend is responsible for presenting content, layout, and user interface elements as opposed to the “backend”, which is the behind-the-scenes part of a website or application, responsible for processing data on the server side.
When connecting a wallet to the Balancer site, a window popped up, asking users to approve a smart contract to manage their funds. This procedure mimicked the normal interaction with Balancer pools. However, the smart contract belonged to the attacker, and once approved, it facilitated the unauthorised transfer of funds from users’ wallets to the hacker.
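The approval prompt described above can be inspected before signing. The following is an added example, not code from Balancer or from the original article: it decodes a transaction request and checks the spender against contracts the user already trusts. It assumes the prompt was a standard ERC-20 style approval call (the article does not name the exact call); the function names are hypothetical and all addresses are constructed placeholders.

```javascript
// Selectors of standard calls that grant a spender rights over tokens.
const GRANT_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",           // ERC-20
  "39509351": "increaseAllowance(address,uint256)", // common ERC-20 extension
  "a22cb465": "setApprovalForAll(address,bool)",    // ERC-721 / ERC-1155
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode calldata; returns null when the call grants no spending rights.
function decodeGrant(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const signature = GRANT_SELECTORS[hex.slice(0, 8)];
  if (!signature) return null;
  if (hex.length < 136 || /[^0-9a-f]/.test(hex)) {
    throw new Error("malformed approval calldata");
  }
  // Argument 1 is a 32-byte word; the address is its low 20 bytes.
  const spender = "0x" + hex.slice(32, 72);
  // Argument 2: the allowance, or 0/1 for setApprovalForAll.
  const value = BigInt("0x" + hex.slice(72, 136));
  return { signature, spender, value, unlimited: value === MAX_UINT256 };
}

// Compare the requested spender with contracts the user already trusts.
function reviewRequest(tx, trustedSpenders) {
  const grant = decodeGrant(tx.data || "0x");
  if (!grant) return { verdict: "not-an-approval" };
  const known = trustedSpenders.some((a) => a.toLowerCase() === grant.spender);
  return { verdict: known ? "known-spender" : "unknown-spender", ...grant };
}

// Constructed sample data: placeholder addresses, not real contracts.
const TRUSTED = ["0x1111111111111111111111111111111111111111"];
const UNKNOWN = "0x2222222222222222222222222222222222222222";
const TOKEN = "0x3333333333333333333333333333333333333333";
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const approveCall = (spender, amount) =>
  "0x095ea7b3" + word(spender) + word(amount.toString(16));

// A request like the one a tampered page could raise: unlimited, unknown spender.
const suspicious = { to: TOKEN, data: approveCall(UNKNOWN, MAX_UINT256) };
console.log(reviewRequest(suspicious, TRUSTED));
```

An `unknown-spender` verdict on an approval the user did not expect is the signal to reject the prompt and verify the spender address through an independent source.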
Read more about the interaction of users' wallets and smart contracts on decentralised exchanges in our article: User lost $24 million due to phishing attack.
A Balancer representative assured the community on Discord that all of the project's funds remained safe.
Previous attack on the project
At the end of August, Balancer faced another attack. That time, attackers managed to steal $2 million due to vulnerabilities in smart contracts.
Such cases of stealing funds from users' wallets have become more frequent lately. Unfortunately, you cannot be totally protected from all hacks in DeFi, but you can greatly reduce the risks by reading our article: Crypto scam: how to protect yourself.