Balancer Frontend Under Attack – Please Avoid Using Balancer

WikiBit 2023-09-20 15:20

Balancer Frontend Under Attack – Users Risk Wallet Theft When Using Balancer UI.

The official Balancer team on platform X has reported that its frontend is under attack. Users are strongly advised not to use the Balancer frontend UI to interact with the protocol to prevent the risk of asset theft.

Analysis of a post by blockchain detective ZachXBT reveals that the attackers targeting the frontend of the DeFi liquidity protocol Balancer have profited approximately $238,000. The stolen funds are currently held in the address "0x645710Af050E26bB96e295bdfB75B4a878088d7E".

According to SlowMist's report, Balancer is currently experiencing a BGP hijacking attack, and wallets connected through the website are exposed to phishing attacks. Based on Cloudflare's BGP Origin Hijack-17957 data, the list of victim ASNs includes AS13335, which is associated with Balancer.

Here is the SlowMist security team's analysis of the incident:

  • DNS resolution records for the domain balancer.fi (https://bgp.tools/dns/balancer.fi) show A records with IP addresses 104.21.37.47 and 172.67.203.244. Both of these IP addresses belong to BGP AS number AS13335, which is under the control of Cloudflare.

  • Cloudflare's records (https://radar.cloudflare.com/routing/anomalies/hijack-17957) indicate that AS13335 is part of the list of ASNs affected by the BGP Origin Hijack attack.

  • The HTTPS certificate for balancer.fi has been replaced with the attacker's certificate.

  • Currently, accessing https://app.balancer.fi triggers a phishing security alert from Cloudflare.

  • Analysis reveals that malicious JavaScript code is present in the frontend of app.balancer.fi (https://app.balancer.fi/js/overchunk.js).

  • Users who connect their wallets to app.balancer.fi while it serves the malicious script may have their balances automatically assessed and become victims of phishing attacks.

  • The malicious addresses identified are as follows:

    • 0x00006DEAcd9ad19dB3d81F8410EA2B45eA570000

    • 0x645710Af050E26bB96e295bdfB75B4a878088d7E

    • 0x0000626d6DC72989e3809920C67D01a7fe030000

The SlowMist security team advises users to refrain from visiting Balancer's websites at this time to avoid falling victim to ongoing BGP attacks.

Earlier, in late August, Balancer experienced a security incident that resulted in losses of approximately $980,000 on the Ethereum mainnet and $215,000 on Optimism.
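The origin check behind the first two points of SlowMist's analysis (A records that sit in prefixes expected to originate from AS13335), sketched in Python as an added example that is not code from SlowMist, Cloudflare or WikiBit. The expected-origin table and the route announcements are constructed for illustration, AS64500 is a documentation-reserved ASN standing in for an unexpected origin, and all function names are this example's own.

```python
import ipaddress

# A records for balancer.fi quoted in the article.
MONITORED_IPS = ["104.21.37.47", "172.67.203.244"]

# Assumption for this example: covering prefixes for those IPs and the
# origin AS the article attributes them to (AS13335).
EXPECTED = {
    ipaddress.ip_network("104.16.0.0/13"): 13335,
    ipaddress.ip_network("172.64.0.0/13"): 13335,
}

# Constructed announcements (prefix, origin ASN); not data from the incident.
SAMPLE_ANNOUNCEMENTS = [
    ("104.16.0.0/13", 13335),    # covering route, expected origin
    ("172.64.0.0/13", 13335),    # covering route, expected origin
    ("104.21.32.0/20", 64500),   # more-specific route, unexpected origin
    ("198.51.100.0/24", 64500),  # unrelated prefix, not monitored
]

def expected_origin(net):
    """Return the expected origin AS for net, or None if it is not monitored."""
    for covering, asn in EXPECTED.items():
        if net.version == covering.version and net.subnet_of(covering):
            return asn
    return None

def find_origin_anomalies(announcements):
    """Return (prefix, seen_asn, expected_asn, affected_ips) for each mismatch."""
    findings = []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        want = expected_origin(net)
        if want is None or origin == want:
            continue
        hit = [ip for ip in MONITORED_IPS if ipaddress.ip_address(ip) in net]
        findings.append((prefix, origin, want, hit))
    return findings

def best_route(ip, announcements):
    """Longest-prefix match: the announcement that traffic for ip would follow."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(p), a) for p, a in announcements]
    covering = [(n, a) for n, a in nets if addr in n]
    return max(covering, key=lambda na: na[0].prefixlen, default=None)

if __name__ == "__main__":
    for finding in find_origin_anomalies(SAMPLE_ANNOUNCEMENTS):
        print("origin mismatch:", finding)
```

In the constructed data the covering /13 still shows the expected origin, so a monitor that compares only exact prefixes would miss the more-specific route that longest-prefix matching actually selects.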
