Balancer blames ‘social engineering attack’ on DNS provider for website hijack
The team behind Balancer, an Ethereum-based automated market maker, believes a social engineering attack on its DNS service provider was what led to its website’s frontend being compromised on Sept. 19, leading to an estimated $238,000 in crypto stolen.
“After investigation, it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs,” the firm explained in a Sept. 20 X post.
Approximately 8 hours after the first warning of the attack, Balancer said its decentralized autonomous organization (DAO) was actively addressing the DNS attack and was working to recover the Balancer UI.
At 5:45 pm UTC on Sept. 20, Balancer said it was successful in securing the domain and bringing it back under the control of Balancer DAO. It also confirmed its subdomains “app.balancer.fi” and other “balancer.fi” are safe to use again.
After investigation it is clear that this was a social engineering attack on EuroDNS, the domain registrar used for .fi TLDs.
We are exploring deprecating the .fi TLD in order to move to a more secure registrar and suggest that other projects using the TLD do the same.
[2/2]
However, it suggested any other projects using the same top-level domain should consider moving to a more secure registrar.
EuroDNS is a Luxembourg-based domain name registrar and DNS service provider. Cointelegraph has reached out to EuroDNS for comment.
Blockchain security firms SlowMist and CertiK reported that the attacker employed Angel Drainer phishing contracts.
SlowMist said the exploiters attacked the Balancer’s website via Border Gateway Protocol hijacking — a process where hackers take control of IP addresses by corrupting internet routing tables.
The hackers then induced users to “approve” and
Read more on cointelegraph.com
