By: Eva Baxter
The decentralized finance (DeFi) protocol Balancer has reclaimed its domain after a Domain Name System (DNS) attack led to a loss of roughly $240,000. The attack was carried out through social engineering against EuroDNS, which is the domain registrar for .fi TLDs. In response to this incident, Balancer is looking into deprecating the .fi TLD and transitioning to a more secure registrar, and it recommends that other projects using the TLD do the same.
Balancer's front end was compromised in this DNS attack, resulting in the theft of significant digital assets. Balancer advised users against interacting with its interface until the issue was resolved. Balancer has since rectified the issue, regained control of its domain, and confirmed that its subdomains are now safe to use.
Security firms SlowMist and CertiK believe that the attacker also deployed Angel Drainer phishing contracts. They indicated that the attacker was able to compromise Balancer's website via Border Gateway Protocol hijacking and induce users to transfer funds to the attacker. A significant portion of the stolen Ether (ETH) was bridged to Bitcoin (BTC) addresses via THORChain before eventually returning to Ethereum.