According to Coincu, Balancer, an automated market maker on the Ethereum blockchain, recently lost $238,000 in a DNS attack believed to have resulted from social engineering of its DNS service provider. Balancer's decentralized autonomous organization (DAO) responded quickly, addressing the attack and starting work to restore the user interface. After approximately eight hours, the project regained control of its domain, securing the user subdomains 'app.balancer.fi' and 'balancer.fi' once again.
Blockchain investigator ZachXBT reported that the attacker made off with around $238,000 in cryptocurrency. The attack relied on a malicious contract being approved from the non-custodial wallets of visitors to the website, showcasing the sophistication of the breach. Online publication MistTrack detailed the complexity of the attack, which involved the protocol and an organization called AngelDrainer. The fees generated by the attacker's actions were traced back to AngelDrainer, revealing a multi-pronged strategy that included BGP hijacking, coerced transfers, and laundering through THORChain, a cross-chain decentralized liquidity network.
As the investigation continues, there are indications of potential ties between the Balancer attackers and Russia, suggesting a broader network of cybercriminals. The international nature of such attacks presents challenges in addressing and preventing future incidents, emphasizing the need for heightened security measures within the cryptocurrency space.