defi protocol

Balancer blames ‘social engineering attack’ on DNS provider for website hijack

Blockchain security firms SlowMist and CertiK also believe the crypto wallet drainer Angel Drainer was involved in the estimated $238,000 exploit.

The team behind Balancer, an Ethereum-based automated market maker, believes a social engineering attack on its DNS service provider led to its website’s frontend being compromised on Sept. 19, resulting in an estimated $238,000 in crypto stolen.

“After investigation, it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs,” the firm explained in a Sept. 20 X post.

Approximately 8 hours after the first warning of the attack, Balancer said its decentralized autonomous organization (DAO) was actively addressing the DNS attack and was working to recover the Balancer UI.

At 5:45 pm UTC on Sept. 20, Balancer said it had succeeded in securing the domain and bringing it back under the control of Balancer DAO. It also confirmed that “app.balancer.fi” and its other “balancer.fi” subdomains are safe to use again.

However, it suggested any other projects using the same top-level domain should consider moving to a more secure registrar. 

EuroDNS is a Luxembourg-based domain name registrar and DNS service provider. Cointelegraph has reached out to EuroDNS for comment.

Angel Drainer involved

Blockchain security firms SlowMist and CertiK reported that the attacker employed Angel Drainer phishing contracts.

SlowMist said the exploiters attacked Balancer’s website via Border Gateway Protocol hijacking, a process where hackers take control of IP addresses by corrupting internet routing tables.

The hackers then induced users to “approve” and transfer funds via the “transferFrom” function to the Balancer exploiter, it explained.

The hacker, whom SlowMist believes may be related to Russia, has already bridged some of the stolen Ether (ETH) to Bitcoin (BTC) addresses via THORChain before eventually bridging it back to Ethereum, SlowMist explained on Sept. 20.

SlowMist stated in an earlier post that the hacker transferred about 15 wrapped-Ether (wETH.e) on the Avalanche blockchain.

Meanwhile, despite Balancer confirming that its balancer.fi subdomains are now safe, visitors still see a “Deceptive site ahead” warning when attempting to access Balancer’s website.

Balancer’s website as of Sept. 20 at 10:22 pm UTC. Source: Balancer.

Cointelegraph reached out to Balancer to confirm the amount of funds lost but did not receive an immediate response.

Bitwise files Form S-1 for spot Solana ETF with SEC

DeFi protocol Balancer frontend is under attack, urges users to stay away

The platform notified its community on Sept. 19 at 11:49 pm UTC, urging users to not interact with Balancer's protocol until further notice.

Balancer, an Ethereum-based decentralized finance protocol, has confirmed its user interface is currently "under an attack."

Balancer said the details of the attack are under investigation. The firm hasn't confirmed whether user funds are safe at this point in time.

However, one blockchain analyst, ZachXBT, claims $238,000 was stolen within the first 30 minutes of Balancer breaking the news.

This is the second theft from Balancer in a month, after it warned of a critical vulnerability on Aug. 22, which resulted in a $2 million exploit several days later.

This is a developing story, and further information will be added as it becomes available.

US federal court dismisses lawsuit against DeFi platform PoolTogether

The DeFi community funded the protocol's legal defense through a $1.4 million nonfungible token sale back in 2022.

A United States federal judge has recently dismissed the lawsuit against the decentralized finance (DeFi) platform PoolTogether. According to the ruling, the federal court system is not the correct place to air out concerns against the DeFi startup. 

U.S. Judge Frederic Block said that despite having genuine concerns about the startup, a lawsuit in a federal court is not "an appropriate way to address them." The judge also said that the plaintiff, Joseph Kent, does not have the standing to pursue a lawsuit because he “suffered no concrete harm at the hands of the defendants.” The court order stated:

“Therefore, the Court holds that Kent lacks standing to sue and, accordingly, grants the defendants’ motions to dismiss on that ground. The alternative motions to compel arbitration are denied as moot.”

The lawsuit was filed by Kent back in October 2021, alleging that the DeFi startup violated gambling laws in New York state by letting people evade financial regulations and scam consumers. It also described the platform as “an old-fashioned numbers racket.”

However, according to the judge, the injury that Kent claims to have suffered must be similar to the injuries he hopes to find a remedy for in the federal court. In this case, the judge said that there was a mismatch. In the end, the case was dismissed.

Despite the decision, the judge said that Kent is “free to pursue his claims in state court” and ancillary issues raised in the dismissal motions that remain unanswered should be “resolved by the New York Court of Appeals.”

Members of the community rejoiced with the decision, with some even saying that their nonfungible token (NFT) now has a utility and others expressing their support.

In 2022, the DeFi startup raised 769 Ether (ETH), around $1.4 million at the time, by selling PoolyNFTs. The funds were used to fight against the lawsuit, which some community members believed to be an attack on the DeFi sector as a whole. 

BNB Chain-Based Defi Protocol Ankr Suffers Major Exploit

Decentralized Web3 infrastructure provider Ankr has become the latest victim of a hacking attack targeting the defi space. The perpetrators who hit the platform were able to mint and steal a massive amount of tokens in a multimillion-dollar exploit.

Defi Protocol Ankr Hit by Unlimited Mint Bug Exploit Worth Millions

Ankr, a decentralized finance (defi) […]

Aave DAO Approves the Launch of a Collateral-Backed Stablecoin Called GHO

On Sunday, the non-custodial market protocol Aave announced that the Aave DAO has approved a new stablecoin for the ecosystem called “GHO.” Aave Companies proposed the stablecoin during the first week of July and the collateral-backed stablecoin will be pegged to the U.S. dollar’s value.

A New Collateral-Backed Stablecoin Crafted by Aave Companies Is Due […]

Inverse Finance exploited again for $1.2M in flashloan oracle attack

No user funds have been affected by the exploit, but Inverse Finance has incurred a debt and offered the attacker a bounty to return the stolen funds.

Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flashloan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC).

Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol, and a flashloan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information.

The latest exploit worked by using a flashloan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market application. This allowed the attacker to borrow a larger amount of the protocol’s stablecoin DOLA than the amount of collateral they posted, letting them pocket the difference.

The attack comes just over two months after a similar April 2 exploit which saw attackers artificially manipulate collateralized token prices through a price oracle to drain funds using the inflated prices.

In response to the attack, Inverse Finance temporarily paused borrowing and removed its DOLA stablecoin from the money market while it investigated the incident, saying no user funds were at risk.

It later confirmed that only the attacker's deposited collateral was affected in the incident and that it only incurred a debt to itself due to the stolen DOLA. It encouraged the attacker to return the funds in return for a “generous bounty”.

In total, the attacker gained 99,976 USDT and 53.2 WBTC from the attack, swapping them to ETH before sending it all through the cryptocurrency mixer Tornado Cash, attempting to obfuscate the ill-gotten gains.

The previous attack in April saw attackers make off with $15.6 million in ETH, WBTC, YFI and DOLA.

DeFi marketplace Deus Finance suffered from a similar exploit in March, with attackers manipulating a price pairing within an oracle, leading to a gain of 200,000 Dai (DAI) and 1101.8 ETH, worth over $3 million at the time.

Beanstalk Farms, a credit-based stablecoin protocol, lost all $182 million worth of collateral in a flash loan attack caused by two malicious governance proposals, which in the end drained all funds from the protocol.

How the latest attack went down

According to an analysis by blockchain security firm BlockSec, the attacker borrowed 27,000 WBTC in a flashloan and swapped a small amount for the LP token, which is used to post collateral in Inverse Finance so users can borrow crypto assets.

The remaining WBTC was swapped to USDT, causing the price of the attacker's collateralized LP token to rise significantly in the eyes of the price oracle. With these LP tokens now valued far higher due to the price rise, the attacker borrowed a larger amount than usual of the DOLA stablecoin.

The DOLA was worth much more than the deposited collateral, so the attacker swapped the DOLA to USDT, and the earlier WBTC to USDT swap was reversed to repay the original flashloan.

Trust in Decentralized Finance Rattled After $100 Billion Left the Defi Economy

The effect of Terra’s demise continues to shine a light on the fragility surrounding the decentralized finance (defi) ecosystem. Things have changed a great deal following Terra’s aftermath, as the total value locked (TVL) in defi has plummeted from $231 billion to today’s $112.29 billion, losing 51.38% in 42 days.

Defi TVL Plunges More Than […]

Total Value Locked in Defi Nears Lifetime High, Ethereum’s TVL Dominates by 54%

On Sunday, April 3, the total value locked (TVL) in decentralized finance (defi) rose to $231 billion. The TVL is nearing the all-time high (ATH) of $256 billion recorded on December 2, 2021, as it’s only 10.82% under the TVL’s ATH. Additionally, while Curve Finance continues to dominate in terms of TVL, the defi […]

Solana-Based Cashio App Hit With an ‘Infinite Mint Glitch,’ CASH Stablecoin Drops to Zero

A decentralized finance (defi) protocol called Cashio was attacked by an “infinite glitch” exploit around 9:00 a.m. (UTC), the team said on Wednesday. Following the hack, statistics show the protocol’s total value locked (TVL) dropped from over $28 million to $579,701 and the project’s stablecoin shuddered from $1 per token to zero.

Cashio App Exploited […]