The Peckshield team said that a frontend compromise of the DeFi protocol by Balancer led to the theft of roughly $240,000 in digital assets. This could indicate that the balancer was involved in the hacking of digital assets.
A Balancer spokesperson announced earlier today that the company's front end is currently being attacked and advised users not to interact with the interface until further notice as a precaution.
There have been tweets from Balancer that suggest the Balancer URL – or the web address for the Balancer service -- has been victimized by a redirect attack, and users are being sent to a malicious website rather than the Balancer site that they are expected to find.
By exploiting the trust users place in a website, cybercriminals can launch redirect attacks by inserting malicious code in a website's code or in an email sent by a phishing website to redirect users to a malicious web page.
According to blockchain security firm Certik, hacks, exploits, and scams have cost over $1 billion in losses across the crypto sector as of early September this year, due to hacks, exploits, and scams across the market. Traders trading cryptocurrencies lost a total of $303 million in June alone, the worst month of the year for losses related to cryptocurrency hacks.
A crypto sleuth on the chain called ZachXBT verified the amount that was stolen, sharing an image with the address of the unknown attacker. There have been several transactions associated with this address in the past ten hours, which have been classified as scams by ZachXBT.
Additionally, the wallet's balance currently contains $152,000 in assets, which has been deemed a scam by ZachXBT.
Balancer, however, maintains that it is unaffected by the compromise of its smart contract, as it is independent of it.
During these times, it should be noted that the attack comes less than a month after the DeFi project lost almost $1 million worth of assets after a breach of their V2 pools compromised their assets. To prevent further attacks on the project, it advised the users to withdraw their funds from the affected pools as soon as possible.
An internet sleuth identified by ZachXBT recently discovered an address associated with an account that may have been compromised may have exposed over $200,000 in digital assets. The wallet currently possesses a balance of just over $100,000, according to Nansen.ai data, with most of the assets being STEETH and DAI, according to the data.
By data shown on the blockchain, it appears that the person who holds the wallet has transferred some of the proceeds to the Aave network.
The balancer is currently the fourth-largest decentralized exchange in terms of total value locked, according to DefiLlama data, with a total value locked worth about $700 million, making it the fourth-largest.
MistTrack, based on the "relevant intelligence" it has collected, said that the attacker may have links with Russia and that it is investigating the possibility. However, it did not elaborate.
In a security advisory released by Balancer about a separate vulnerability in the protocol's pools, which could potentially be exploited by attackers, the company urged the public to withdraw their assets from the protocol.
This makes it the fourth-largest decentralized exchange by market cap, according to DefiLlama data, with a total value locked of roughly $700 million.
