User Interface

Balancer blames ‘social engineering attack’ on DNS provider for website hijack

Blockchain security firms SlowMist and CertiK also believe the crypto wallet drainer Angel Drainer was involved in the estimated $238,000 exploit.

The team behind Balancer, an Ethereum-based automated market maker, believes a social engineering attack on its DNS service provider was what led to its website’s frontend being compromised on Sept. 19, leading to an estimated $238,000 in crypto stolen.

“After investigation, it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs,” the firm explained in a Sept. 20 X post.

Approximately 8 hours after the first warning of the attack, Balancer said its decentralized autonomous organization (DAO) was actively addressing the DNS attack and was working to recover the Balancer UI.

At 5:45 pm UTC on Sept. 20, Balancer said it had succeeded in securing the domain and bringing it back under the control of Balancer DAO. It also confirmed that “app.balancer.fi” and other “balancer.fi” subdomains are safe to use again.

However, it suggested any other projects using the same top-level domain should consider moving to a more secure registrar. 

EuroDNS is a Luxembourg-based domain name registrar and DNS service provider. Cointelegraph has reached out to EuroDNS for comment.

Angel Drainer involved

Blockchain security firms SlowMist and CertiK reported that the attacker employed Angel Drainer phishing contracts.

SlowMist said the exploiters attacked Balancer’s website via Border Gateway Protocol hijacking — a process where hackers take control of IP addresses by corrupting internet routing tables.

The hackers then induced users to “approve” and transfer funds via the “transferFrom” function to the Balancer exploiter, it explained.

The hacker, whom SlowMist believes may be related to Russia, has already bridged some of the stolen Ether (ETH) to Bitcoin (BTC) addresses via THORChain before eventually bridging the ETH back to Ethereum, SlowMist explained on Sept. 20.

SlowMist stated in an earlier post that the hacker transferred about 15 wrapped-Ether (wETH.e) on the Avalanche blockchain.

Meanwhile, despite Balancer confirming that its balancer.fi subdomains are now safe, visits to the website still show a “Deceptive site ahead” warning.

Balancer’s website as of Sept. 20 at 10:22 pm UTC. Source: Balancer.

Cointelegraph reached out to Balancer to confirm the amount of funds lost but did not receive an immediate response.

DeFi protocol Balancer frontend is under attack, urges users to stay away

The platform notified its community on Sept. 19 at 11:49 pm UTC, urging users to not interact with Balancer's protocol until further notice.

Balancer, an Ethereum-based decentralized finance protocol, has confirmed its user interface is currently "under an attack."

Balancer said the details of the attack are under investigation. The firm hasn't confirmed whether user funds are safe at this point in time.

However, one blockchain analyst, ZachXBT, claims $238,000 was stolen within the first 30 minutes of Balancer breaking the news.

This is the second theft from Balancer in a month, after it warned of a critical vulnerability on Aug. 22, which resulted in a $2 million exploit several days later.

This is a developing story, and further information will be added as it becomes available.

While Friend.tech booms, decentralized social has a retention problem — Execs

Decentralized social network Friend.tech may be booming right now, but execs say decentralized social media apps still have an onboarding and retention issue to fix.

Despite the recent hype around Friend.tech, some decentralized social networks are still having a tough time getting users to sign up and stay on their social media platforms.

Two executives in the decentralized social (DeSo) media space told Cointelegraph that as much as 99% of users moving into DeSo for the first time will end up quitting, either due to clunky onboarding or simply not knowing anyone.

Ed Moss, the head of growth for layer-1 blockchain firm DeSo, said the process of buying cryptocurrencies from an exchange, transferring them to a wallet with an installed Chrome extension, and then paying high gas fees to transact on-chain or across chains is tedious and expensive for first-time users.

“We've found that 99% of mainstream users will drop off at that first step, so simplifying this flow is mission critical.”

Therefore, the single most important factor is to make sure the onboarding process is as frictionless as possible, Moss said.

But the problems can start even before this point, according to Suhail Kakar, the creator of DeSo app Onboard.

Because users need to familiarize themselves with blockchain, smart contracts, and wallets before they sign up, they often shy away from taking the first step, Kakar explained.

“A party where you don’t know anyone.”

Catching up to the massive network effects that Web2 social platforms such as Facebook, Instagram and X (formerly Twitter) have won’t be an easy task either.

Kakar said DeSo apps need to spend more time building their communities because making a presence in these applications is “a bit like going to a party where you don't know anyone.”

He believes that as more top-tier creators and influencers move on-chain it could be a tipping point, as users will ultimately follow where the high-quality content goes.

Data from April shows that Facebook, Instagram and Twitter hosted about 2.98 billion, 2 billion, and 372.9 million monthly active users, respectively. By comparison, one of the most visited decentralized social media networks, Odysee, averaged only 5.3 million monthly unique users between January and April, according to CoinGecko.

Average number of monthly active users on decentralized social media platforms between January and April. Source: CoinGecko

Moss argues another reason why decentralized social media hasn’t hit the masses is because Ethereum and other smart contract platforms aren’t purpose-built to provide social media applications at scale.

The ideal solution would be to architect a "storage-heavy" or "infinite-state" blockchain that is capable of storing and indexing massive amounts of data at the lowest cost possible, he explained:

“This is what a social application would require in order to store actions like ‘posts,’ ‘likes,’ ‘follows,’ ‘comments,’ and ‘social graphs’ directly on-chain to enable full decentralization from any corporate entity or centralized government.”

Without it, Moss believes end-users may never truly own their content, identity and social graph.

Friend.tech bucks trend?

Meanwhile, Base-powered social platform Friend.tech has seen strong uptake over the past week.

The platform allows creators to connect to their audience through tokenized attention, where a creator's influence is represented by shares, or keys that can be traded for access to exclusive private chat rooms.

Friend.tech has reeled in over 85,000 users from over 127,000 wallets, which have collectively sent over 630,000 requests to the network since it launched earlier this month, according to CoinGecko.

However, other industry pundits believe the model may turn out to be a six-to-eight-week fad.

Sales revenue from decentralized social media networks is projected to reach $12.1 billion in 2023 and is estimated to surpass $101 billion by 2033, a compounded annual growth rate of 23.6%, according to Future Markets Insights. 

Other decentralized social media networks include Jack Dorsey's Bluesky — a decentralized Twitter alternative, Mastodon and Lens Protocol. 

Base launches mainnet bridge UI for end users, sets Aug. 9 for official launch

Coinbase’s Base network began onboarding end users through a bridge UI, and the team announced Aug. 9 as the platform's official launch date.

Coinbase’s Base network has released a user interface (UI) for its official bridge, allowing end users to onboard for the first time without relying on developer tools, according to an Aug. 3 announcement. The team has set Aug. 9 as Base’s “official” release date. The team will award over 100 Ether (ETH), worth approximately $184,000, in grants to developers and content creators as part of a month-long launch event called the “Onchain Summer.”

The Base mainnet launched for builders on July 13, but it lacked a functioning UI for its bridge from Ethereum. At the time, the only way to use the network was to employ command-line developer tools to bridge ETH from Ethereum’s layer 1.

In the Aug. 3 announcement, the team said the bridge UI is now running. End users can start using the network immediately without waiting for the official launch; however, some of Base’s initial Web3 apps may not be available until the official launch on Aug. 9.

The user interface for Base network’s Ethereum bridge. Source: Base

The team also announced a month-long “Onchain Summer” celebration. Each day, builders will “be bringing you something fun to do onchain, highlighting art, music, gaming, advocacy, and more,” the announcement stated. The team will award ETH grants to individuals or groups that create Base-related websites, art and videos or who deploy new protocols to the network between Aug. 9 and Sept. 13. The team will hand out Base-related nonfungible tokens and ETH to users who bridge to the network or complete educational “quests.”

Some investors lost millions of dollars worth of crypto on Base while trying to use it when it was “launched for builders” and not publicly available. The Pond0x (PNDX) memecoin was launched for Base on July 28, and tech-savvy investors who knew how to bridge without a UI poured over $2 million into the project, only to have the token collapse to near zero in price as a bug in its transfer function was found. Another Base memecoin, Bald (BALD), resulted in losses of approximately $1.9 million when the developer pulled liquidity from the exchange it was trading on.

If good UX is like driving auto, Web3 is ‘driving stick’ — UX designers

The high stakes of crypto applications mean developers often need to prioritize security — but that comes at the cost of poor user experience.

The current Web3 user experience (UX) is akin to driving a manual transmission car — there’s more control, but most users will find it unnecessarily clunky, according to several UX designers.

Over the years, discussion around mainstream adoption of Web3 has centered around the need to improve crypto’s user experience and “ease of use.”

However, in a July 12 tweet, Web3 UI/UX designer 0xDesigner argued that certain properties of blockchain make it challenging to build easy-to-use Web2-like applications.

According to 0xDesigner, one of the main issues with cryptocurrency applications is that every action is “irreversible” — there’s no “undo button” on the blockchain and mistakes are expensive. They added:

“Think of it this way: Web2 is like driving an automatic car. It’s straightforward; you get in, press the pedal and off you go. Web3, on the other hand, is more like driving stick.

“You need to understand the gears, the clutch and constantly monitor the tachometer; otherwise, you’ll damage the transmission or stall the car,” they added.

Speaking to Cointelegraph, 0xDesigner argued most of the “broader population” may not even care about the sovereignty (control and ownership) that blockchain offers.

The Web3 UX paradox

Thomas Ling, a former user interface (UI) designer for blockchain tech firm Immutable and Web2 gaming studio Riot Games, told Cointelegraph that UI is typically simpler in Web2 because with Web3, ownership and control are vested with the user.

While this makes Web3 unique, it adds more complications on the backend, Ling explained:

“Where a Web2 app may only need to show one step out of five, a Web3 app needs to show all five in order for a user to achieve an action and retain the value proposition of Web3.”

Because of this, Web3 UI/UX designers are “limited” in the way that they can make “magic” happen in creating an easy-to-use application, explained Ling.

Ling said this is particularly challenging when product teams are faced with making design decisions with tradeoffs:

“It’s a bit of a paradox — by making Web3 flows simpler, we have to take away some control from the user, which starts to take away from the point of Web3.”

0xDesigner believes another problem lies in the lack of priority given to user experience in Web3 projects.

“From what I’ve seen, most product teams are engineering driven. The designer-to-developer ratios are lower than in Web2. That usually results in more technical solutions.”

This could be because of the high stakes in Web3, especially regarding financial applications, meaning that more staff will be focused on security and error prevention.

0xDesigner believes mass adoption of Web3 will come when there’s a truly useful application of it, like gaming and music.

“The adoption problem is usefulness first, not usability. It needs to be a good game or good music. I don’t think it will matter that it’s Web3.”

Cryptocurrency applications should also “feel invisible,” they added.

“I think the next crypto cycle will be driven by consumer apps that are powered by crypto, but users won’t know it’s crypto unless they look closely.”

In a contrasting view, Messari CEO Ryan Selkis downplayed the problem of UX/UI on adoption during a July 11 Twitter Spaces.

“The wallets are fine, there’s definitely some things to be desired [...] but it’s really a lot of the off-chain, social and regulatory things that cloud long term adoption.”
