Balancer, the Ethereum-based decentralized finance (DeFi) protocol, is facing a security breach, marking the second such incident in less than a month.
The platform issued a warning to its users after detecting an attack on its frontend, urging them to refrain from interacting with the Balancer user interface until further notice.
The breach was revealed to the community on September 19th, around 11:49 pm UTC.
$238,000 Worth of Crypto Stolen
While the full extent of the attack is still under investigation, it has raised concerns among users and the broader DeFi community.
Blockchain security firms, including PeckShield, and blockchain analyst ZachXBT, estimate that approximately $238,000 in cryptocurrency has been siphoned off.
The attack’s modus operandi appears to involve hijacking the Balancer domain, Balancer.fi.
Users who accessed the compromised website were prompted to approve a malicious contract, unknowingly facilitating the draining of their wallets.
Reports from affected users indicate that this deceptive approach has been quite effective.
Despite the ongoing investigation, Balancer contributor Cosme Fulanito has provided some assurance that the protocol’s vault remains “100% fine.”
This suggests that user funds held in the protocol may not have been affected, though official confirmation from the company is still pending.
Balancer Protocol Exploited for $2 Million a Month Ago
This security breach comes as a disconcerting sequel to Balancer’s recent vulnerability scare in August, where the protocol warned users of a critical vulnerability.
Just days after the initial warning, the platform suffered an estimated $2 million exploit linked to the vulnerability.
Although mitigation measures had been implemented to reduce risks, affected liquidity pools could not be paused, leading to the urgent withdrawal advisory for users.
The Balancer team has learned from the previous incident and acted swiftly to investigate and contain the breach.
Users are now advised to exercise extreme caution, refraining from any interaction with the platform’s user interface until the situation is resolved, highlighting the constant battle for security and trust within the DeFi space.