Balancer blames ‘social engineering attack’ on DNS provider for website hijack

The team behind Balancer, an Ethereum-based automated market maker, believes a social engineering attack on its DNS service provider was what led to its website's front end being compromised on Sept. 19, resulting in an estimated $238,000 in crypto stolen. Around 8 hours after the first warning of the attack, Balancer said its decentralized autonomous organization (DAO) was actively addressing the DNS attack and was working to recover the Balancer UI. At 5:45 pm UTC on Sept. 20, Balancer stated it had succeeded in securing the domain and bringing it back under the control of Balancer DAO.

Despite Balancer confirming its subdomains on “balancer.fi” to now be safe, the “Deceptive site ahead” warning still appears when attempting to access Balancer's site.

Balancer's site as of Sept. 20 at 10:22 pm UTC. Source: Balancer.

Cointelegraph reached out to Balancer to confirm the amount of funds lost, but did not get an immediate response.

EuroDNS is a Luxembourg-based domain name registrar and DNS service provider.

Angel Drainer involved

Blockchain security firms SlowMist and CertiK reported that the attacker used Angel Drainer phishing contracts.

SlowMist stated the exploiters attacked Balancer's site via Border Gateway Protocol hijacking, a process where hackers take control of IP addresses by corrupting internet routing tables.

The hackers then induced users to “approve” and move funds by means of the “transferFrom” function to the Balancer exploiter, it explained.

The hacker, whom SlowMist thinks might be related to Russia, has already bridged some of the stolen Ether (ETH) to Bitcoin (BTC) addresses by means of THORChain before ultimately bridging the ETH back to Ethereum, SlowMist explained on Sept. 20.

In other words, after the aggressor (AngelDrainer) assaulted the site through BGP hijacking, then induced users to … https://t.co/5g6P2aPEz8 pic.twitter.com/3PInfe9VC1— MistTrack (@MistTrack_io) September 20, 2023

Other Questions People Ask

What led Balancer to blame a ‘social engineering attack’ on its DNS provider for the website hijack?

Balancer attributed the website hijack to a social engineering attack that targeted its DNS service provider, EuroDNS. This attack allowed hackers to manipulate the DNS settings, which ultimately compromised the front end of Balancer's website. The incident occurred on September 19, resulting in approximately $238,000 in stolen cryptocurrency.

How did Balancer respond to the DNS attack that it blames on social engineering?

In response to the DNS attack, Balancer's decentralized autonomous organization (DAO) quickly took action to address the situation. Approximately eight hours after the initial warning, the team began working to recover the Balancer user interface and secure their domain. By September 20, they announced that they had successfully regained control of the domain and ensured its safety.

What were the consequences of the social engineering attack on Balancer's website?

The social engineering attack on Balancer's website resulted in a significant financial loss, with around $238,000 in cryptocurrency stolen from users. Additionally, even after regaining control of their domain, users continued to see a "Deceptive site ahead" warning when trying to access Balancer's site. This ongoing warning indicates lingering security concerns despite the team's efforts to secure their platform.

What methods did hackers use in the social engineering attack on Balancer's DNS provider?

Balancer itself attributes the compromise to a social engineering attack on its DNS provider. Blockchain security firm SlowMist, by contrast, stated that the attackers used Border Gateway Protocol (BGP) hijacking, a method of taking control of IP addresses by corrupting internet routing tables, which leads users to malicious sites. Once users were redirected, they were tricked into approving fund transfers to the attackers.

What is the current status of Balancer's website following the social engineering attack?

As of September 20, Balancer confirmed that its subdomains on "balancer.fi" are now safe and under the control of Balancer DAO. However, users still encounter a "Deceptive site ahead" warning when attempting to access the site, indicating that there may be residual security issues. The team is likely working on resolving these warnings to restore user confidence fully.
