
Balancer blames ‘social engineering attack’ on DNS provider for website hijack

Blockchain security firms SlowMist and CertiK also believe the crypto wallet drainer Angel Drainer was involved in the estimated $238,000 exploit.

The team behind Balancer, an Ethereum-based automated market maker, believes a social engineering attack on its DNS service provider led to its website’s frontend being compromised on Sept. 19, resulting in an estimated $238,000 in crypto stolen.

“After investigation, it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs,” the firm explained in a Sept. 20 X post.

Approximately 8 hours after the first warning of the attack, Balancer said its decentralized autonomous organization (DAO) was actively addressing the DNS attack and was working to recover the Balancer UI.

At 5:45 pm UTC on Sept. 20, Balancer said it was successful in securing the domain and bringing it back under the control of Balancer DAO. It also confirmed that “app.balancer.fi” and its other “balancer.fi” subdomains are safe to use again.

However, it suggested that any other projects using the same top-level domain should consider moving to a more secure registrar.

EuroDNS is a Luxembourg-based domain name registrar and DNS service provider. Cointelegraph has reached out to EuroDNS for comment.

Angel Drainer involved

Blockchain security firms SlowMist and CertiK reported that the attacker employed Angel Drainer phishing contracts.

SlowMist said the exploiters attacked Balancer’s website via Border Gateway Protocol (BGP) hijacking, in which an attacker announces IP address ranges it does not own so that traffic destined for those addresses is routed through infrastructure the attacker controls. That differs from Balancer’s own account, which attributes the takeover to social engineering of its DNS registrar rather than to internet routing.

The hackers then induced users to sign an ERC-20 “approve” transaction granting the attacker’s contract an allowance over their tokens, after which the attacker moved the funds out with the “transferFrom” function to the address tagged as the Balancer exploiter, it explained.
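The approve-then-transferFrom sequence SlowMist describes is the standard ERC-20 allowance flow, and it is why a hijacked frontend is enough to drain wallets without any bug in the protocol’s own contracts: the victim signs a normal-looking approval and the attacker’s contract does the rest. The following is an added example, not code from Balancer, SlowMist or CertiK, showing how a wallet or browser extension can decode the calldata it is asked to sign and flag an approval to a spender the user has not vetted. The addresses and the sample calldata are constructed placeholders, and the list of trusted spenders is an assumption the caller supplies.

```javascript
// Added example (not Balancer's, SlowMist's or CertiK's code): decode the
// calldata of the ERC-20 calls a drainer site asks a wallet to sign and flag
// allowances granted to a spender the user has not vetted. The selectors are
// the first four bytes of keccak256 over each canonical function signature.
const SELECTORS = {
  "095ea7b3": "approve",       // approve(address spender, uint256 amount)
  "23b872dd": "transferFrom",  // transferFrom(address from, address to, uint256 amount)
  "a9059cbb": "transfer",      // transfer(address to, uint256 amount)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// i-th 32-byte ABI word after the 4-byte selector, as a 64-char hex string.
function word(hex, i) {
  return hex.slice(8 + i * 64, 8 + (i + 1) * 64);
}
// ABI-encoded addresses are left-padded with 12 zero bytes.
function toAddress(w) { return "0x" + w.slice(24); }
function toBigInt(w) { return BigInt("0x" + w); }

// Returns a structured verdict for one transaction's calldata.
// trustedSpenders: addresses (e.g. the protocol's own router or vault) the
// user knowingly interacts with; any other address receiving an allowance or
// an outflow is flagged. Which addresses are trusted is the caller's decision.
function analyzeErc20Call(calldata, trustedSpenders) {
  const hex = calldata.replace(/^0x/i, "").toLowerCase();
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { fn: null, flagged: false, reason: "not a recognised ERC-20 call" };
  const argc = fn === "transferFrom" ? 3 : 2;
  if (hex.length !== 8 + 64 * argc) {
    return { fn, flagged: true, reason: "malformed calldata length" };
  }
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));

  if (fn === "approve") {
    const spender = toAddress(word(hex, 0));
    const amount = toBigInt(word(hex, 1));
    const unlimited = amount === MAX_UINT256; // the classic drainer request
    const flagged = amount > 0n && !trusted.has(spender);
    return {
      fn, spender, amount, unlimited, flagged,
      reason: !flagged ? "ok" : unlimited
        ? "unlimited allowance to an untrusted spender"
        : "allowance to an untrusted spender",
    };
  }
  // transfer / transferFrom: flag any outflow to an untrusted recipient.
  const from = fn === "transferFrom" ? toAddress(word(hex, 0)) : null;
  const to = toAddress(word(hex, fn === "transferFrom" ? 1 : 0));
  const amount = toBigInt(word(hex, fn === "transferFrom" ? 2 : 1));
  const flagged = !trusted.has(to);
  return { fn, from, to, amount, flagged, reason: flagged ? "transfer to an untrusted recipient" : "ok" };
}

// Constructed sample inputs (placeholder addresses, not real contracts):
// an approve() for the full uint256 range to a hypothetical drainer contract,
// as a drainer site would request, and the transferFrom() that follows it.
const DRAINER = "0x1111111111111111111111111111111111111111"; // hypothetical drainer
const VAULT = "0x2222222222222222222222222222222222222222";   // hypothetical legitimate spender
const pad = (addr) => addr.slice(2).padStart(64, "0");
const SAMPLE_APPROVE = "0x095ea7b3" + pad(DRAINER) + "f".repeat(64);
const SAMPLE_TRANSFER_FROM =
  "0x23b872dd" +
  pad("0xabababababababababababababababababababab") + // hypothetical victim
  pad(DRAINER) +
  (1000n).toString(16).padStart(64, "0");

console.log(analyzeErc20Call(SAMPLE_APPROVE, [VAULT]));
console.log(analyzeErc20Call(SAMPLE_TRANSFER_FROM, [VAULT]));
```

The unlimited-allowance check matters because a drainer only needs one signature: once the allowance exists, every later transferFrom is sent by the attacker’s contract and never shows up in the victim’s wallet as something to approve.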

Related: Breaking: ‘All funds are at risk' — Steadefi exploited in ongoing attack

The hacker, whom SlowMist believes may be related to Russia, has already bridged some of the stolen Ether (ETH) to Bitcoin (BTC) addresses via THORChain before eventually bridging it back to Ethereum, the firm explained on Sept. 20.

SlowMist stated in an earlier post that the hacker transferred about 15 wrapped-Ether (wETH.e) on the Avalanche blockchain.

Meanwhile, despite Balancer confirming that balancer.fi and its subdomains are now safe, visiting the website still showed a “Deceptive site ahead” warning. That interstitial is the browser’s Safe Browsing warning; it is cleared only after the domain has been reviewed and delisted, so it can lag the actual recovery of the domain.

Balancer’s website as of Sept. 20 at 10:22 pm UTC. Source: Balancer.

Cointelegraph reached out to Balancer to confirm the amount of funds lost but did not receive an immediate response.

Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story

Five Alleged Scammers Federally Charged With Running Crypto Phishing Scheme by DOJ

DeFi protocol Balancer frontend is under attack, urges users to stay away

The platform notified its community on Sept. 19 at 11:49 pm UTC, urging users to not interact with Balancer's protocol until further notice.

Balancer, an Ethereum-based decentralized finance protocol, has confirmed its user interface is currently "under an attack."

Balancer said the details of the attack are under investigation. The firm hasn't confirmed whether user funds are safe at this point in time.

However, one blockchain analyst, ZachXBT, claims $238,000 was stolen within the first 30 minutes of Balancer breaking the news.

This is the second theft from Balancer in a month, after it warned of a critical vulnerability on Aug. 22, which resulted in a $2 million exploit several days later.

This is a developing story, and further information will be added as it becomes available.

If good UX is like driving auto, Web3 is ‘driving stick’ — UX designers

The high stakes of crypto applications mean developers often need to prioritize security — but that comes at the cost of poor user experience.

The current Web3 user experience (UX) is akin to driving a manual transmission car — there’s more control, but most users will find it unnecessarily clunky, according to several UX designers.

Over the years, discussion around mainstream adoption of Web3 has centered around the need to improve crypto’s user experience and “ease of use.”

However, in a July 12 tweet, Web3 UI/UX designer 0xDesigner argued that certain properties of blockchain make it challenging to build easy-to-use Web2-like applications.

According to 0xDesigner, one of the main issues with cryptocurrency applications is that every action is “irreversible” — there’s no “undo button” on the blockchain and mistakes are expensive. They added:

“Think of it this way: Web2 is like driving an automatic car. It’s straightforward; you get in, press the pedal and off you go. Web3, on the other hand, is more like driving stick.

“You need to understand the gears, the clutch and constantly monitor the tachometer; otherwise, you’ll damage the transmission or stall the car,” they added.

Speaking to Cointelegraph, 0xDesigner argued most of the “broader population” may not even care about the sovereignty (control and ownership) that blockchain offers.

The Web3 UX paradox

Thomas Ling, a former user interface (UI) designer for blockchain tech firm Immutable and Web2 gaming studio Riot Games, told Cointelegraph that UI is typically simpler in Web2 because, with Web3, ownership and control are vested with the user.

While this makes Web3 unique, it adds more complications on the backend, Ling explained:

“Where a Web2 app may only need to show one step out of five, a Web3 app needs to show all five in order for a user to achieve an action and retain the value proposition of Web3.”

Because of this, Web3 UI/UX designers are “limited” in the way that they can make “magic” happen in creating an easy-to-use application, explained Ling.

Ling said this is particularly challenging when product teams are faced with making design decisions with tradeoffs:

“It’s a bit of a paradox — by making Web3 flows simpler, we have to take away some control from the user, which starts to take away from the point of Web3.”

0xDesigner believes another problem lies in the lack of priority given to user experience in Web3 projects.

“From what I’ve seen, most product teams are engineering driven. The designer-to-developer ratios are lower than in Web2. That usually results in more technical solutions.”

This could be because of the high stakes in Web3, especially regarding financial applications, meaning that more staff will be focused on security and error prevention.

Related: This platform improves UX by providing CEX users with ENS names

0xDesigner believes mass adoption of Web3 will come when there’s a truly useful application of it, like gaming and music.

“The adoption problem is usefulness first, not usability. It needs to be a good game or good music. I don’t think it will matter that it’s Web3.”

Cryptocurrency applications should also “feel invisible,” they added.

“I think the next crypto cycle will be driven by consumer apps that are powered by crypto, but users won’t know it’s crypto unless they look closely.”

In a contrasting view, Messari CEO Ryan Selkis downplayed the effect of UX/UI on adoption during a July 11 Twitter Spaces.

“The wallets are fine, there’s definitely some things to be desired [...] but it’s really a lot of the off-chain, social and regulatory things that cloud long term adoption.”

Magazine: Web3 Gamer: Apple to fix gaming? SEC hates Metaverse, Logan Paul trolled on Steam

Decentralized Finance Crypto Exchange Uniswap Starts Blocking Addresses Linked To ‘Blocked Activities’

Uniswap, one of the main decentralized finance exchanges in the cryptocurrency world, is now taking measures to ensure illegal funds cannot be transacted using its platform. The company has already started blocking addresses linked to “blocked activities” and will apply a filter with data provided by TRM Labs, a blockchain analysis firm that focuses on […]