Ethereum-Based Decentralized Finance (DeFi) protocol Balancer cautioned its users against accessing the platform due to an ongoing investigation into a suspected attack on its frontend. The nature of the attack and its origins are yet to be fully understood.
On September 19 at 11:49 pm UTC, an announcement was made to the Balancer community urging them to refrain from interaction with the Balancer user interface until an all-clear notice has been issued.
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!
— Balancer (@Balancer) September 19, 2023
While the specifics of the attack are still being determined by Balancer, no confirmation has been made regarding the possibility of user funds being compromised. Notwithstanding, Balancer contributor Cosme Fulanito has made a statement via his Twitter asserting that the Balancer vault remains intact, unaffected by the attack.
Blockchain security firms, including PeckShield and analyst ZachXBT, have come up with preliminary estimates of the crypto theft, estimating close to $238,000 in cryptocurrencies having been stolen since the commencement of the attack.
Several users have reported encountering a malicious contract when attempting to interact with the platform, which consequently orchestrates a draining of user wallets. DeFi Hanzo, a DeFi sector analyst, offered this interpretation of the issue experienced by users:
"If you open the website it asks you to change the chain, where you hold the most amount of money. After that scam transaction is sent, after confirmation money are gone."
It has been noted that users trying to visit the Balancer website are greeted with a warning sign.
This incident is the second within a month that sees Balancer subjected to an attack. This follows the announcement of a critical vulnerability on August 22, which escalated to an estimated exploit of around $2 million associated with the failure.
The protocol had noted that, although measures were undertaken to minimize exposure to the risk, affected pools couldn't be paused and users were advised to withdraw from the affected Liquid Pools (LPs).
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.