Ethereum-based decentralized exchange Balancer BAL + suffered a domain name system (DNS) attack on its frontend website, the team confirmed.
During the incident, hackers executed a DNS exploit to take control of the official Balancer website link — balancer.fi — and redirected users to a phishing site associated with a malicious contract aiming to steal users’ funds.
On Wednesday at 7:50 pm EST, Balancer warned users not to interact with its website until further notice. Later, the team confirmed the front-end issue was related to a DNS attack. “The Balancer DAO is actively addressing the current DNS attack and is working with all relevant parties to ensure the full recovery of the Balancer UI,” Balancer wrote on X.
The domain name system is a widely used protocol that websites rely on. However, attackers can exploit issues in DNS to attempt to carry out nefarious activities, as demonstrated in this incident.
While there has been no official statement about the impact on user assets, security firm PeckShield estimated that roughly $238,000 in cryptocurrency might have been taken during the attack.
In August, Balancer experienced an exploit resulting in the loss of nearly $1 million in stablecoin. This was attributed to a critical flaw on the platform shortly after it advised users to withdraw from the affected liquidity pools.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.