Behind the Balancer attack: security team layoffs and hidden worries of centralized front-end
区块律动BlockBeats
2023-09-21 02:23
This article is about 1,692 words and takes about 7 minutes to read.
Perhaps the "strategic shift" is a pretext; the reality may be a bear-market cycle in which funds are tight and the team is cutting costs.

Original author: Luccy, Kaori, BlockBeats

Original editor: Jack, BlockBeats

On September 20, Balancer suffered a loss of US$238,000 in a new round of attacks. SlowMist Intelligence's analysis holds that this was a BGP hijacking attack: users who visited the website and connected their wallets were phished. Subsequently, SlowMist MistTrack stated that the fees paid by the Balancer attacker came from the phishing group Angel Drainer. Balancer currently says the front end has been restored to a secure state and is back under the control of the Balancer DAO.

BGP hijacking, also known as BGP route hijacking, is an attack method aimed at the front end. In a BGP hijacking attack, the attacker sends false BGP routing updates that cause other routers to direct traffic in the wrong direction, allowing the attacker to eavesdrop on, tamper with, or interrupt that traffic. Simply put, the hijacked website could prompt visitors to approve transactions, allowing the malicious contract to drain all of the user's funds.
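As an added illustration (not code from the original article or from Balancer), the following wallet-side check screens the kind of approval request a hijacked front end presents: it decodes an ERC-20 approve() call and blocks an unlimited allowance granted to a spender the genuine dApp does not use. The spender allowlist and the sample calldata are constructed placeholders.

```python
"""Added example: screen a pending transaction for the approval-phishing pattern
used by drainer pages. A hijacked front end asks the user to sign an ERC-20
approve() that grants the attacker's contract an unlimited allowance; this
check decodes that calldata and flags it before the user signs."""

# First 4 bytes of keccak256("approve(address,uint256)"): the ERC-20 approve selector.
APPROVE_SELECTOR = "095ea7b3"
UINT256_MAX = (1 << 256) - 1

# Constructed allowlist of spender contracts the genuine dApp is expected to use.
# Placeholder address, not a real Balancer contract.
KNOWN_SPENDERS = {"0x" + "1" * 40}


def decode_approve(calldata):
    """Return (spender, amount) for an ERC-20 approve() call, or None otherwise."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) + two ABI words (32 bytes each) = 136 hex characters
    if len(data) != 136 or data[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    # An address occupies the low 20 bytes of its word; the upper 12 bytes must be zero.
    if spender_word[:24] != "0" * 24:
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)


def screen_approval(calldata, known_spenders=KNOWN_SPENDERS):
    """Classify a pending transaction as 'allow', 'warn' or 'block'."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return "allow"  # not an approve() call; outside this check's scope
    spender, amount = decoded
    if spender in known_spenders:
        return "allow"
    if amount == UINT256_MAX:
        return "block"  # unlimited allowance to an unknown spender: drainer pattern
    return "warn"  # bounded allowance to an unknown spender: ask the user to confirm


if __name__ == "__main__":
    # Constructed calldata: approve(0xdead...beef, 2**256-1), as a drainer page would submit.
    drainer_call = "0x" + APPROVE_SELECTOR + "0" * 24 + "deadbeef" * 5 + "f" * 64
    print(screen_approval(drainer_call))  # block
```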

This is also the biggest difference from previous attacks: this one targeted the Balancer front end.

OpCo, Orb Collective, and the Cost of Shifting Growth Strategies

It is worth noting that before this attack there was another piece of important Balancer news. On April 14, Balancer's service provider, Balancer OpCo, announced that it had laid off two engineers and reduced its operating budget.

Balancer OpCo is a wholly owned subsidiary of the Balancer Foundation and provides management and operations services, as well as front-end development and engineering workflows, to Balancer. From August last year to June this year, of the 7 Balancer DAO proposals involving Balancer OpCo, 5 were approved. In addition to the team's funding, a further 250,000 BAL was transferred to OpCo so that OpCo could carry out private token sales. Proposals for funding the platform's operations over the coming year are currently in the preliminary discussion stage.

However, as the protocol shifted its focus to improving the user interface and marketing, Balancer OpCo's headcount was reduced. To this end, Balancer set up a dedicated marketing team, Orb Collective, responsible for working out how Balancer can cooperate with platform users to advance the Balancer protocol through partnerships, marketing, integrations, design and people operations, with the aim of expanding the protocol's global adoption. Orb Collective officially launched in August last year, and the team stated that the new promotion strategy would also draw on crypto-Twitter-native voices.

It is worth noting that in April this year, Balancer governance updated Orb Collective's financial plan in a proposal to renew Certora's smart contract audit contract starting in the second quarter of 2023, with the aim of moving the audit from Orb Collective's budget to OpCo's in order to ensure the safety of Balancer users' funds. However, nearly 80% of Balancer DAO community members rejected Balancer OpCo Limited's proposal to conduct the smart contract audit. It was the only one of the seven proposals to be rejected.

In the same month, CoinDesk published an article titled "DeFi protocol Balancer cuts budget, headcount amid strategic shift", which stated that Balancer would make strategic adjustments. According to the article, the Balancer OpCo team revealed in a Discord call attended by more than 20 people in April this year that the company had laid off two engineers and reduced its operating budget.

"We have a new vision for the Balancer brand that we are very excited about," said Jeremy Musighi, CEO of Orb Collective. "At the same time, we have been making some changes to our marketing team to ensure we have the right people to implement this new vision." In the third quarter of 2022, the Orb team applied for an operating budget of US$76,000, hoping to expand Balancer's voice on social platforms, podcasts, community relations and so on. In the fourth quarter, the budget request proposal stated that, due to the bear market cycle, the Orb team's operating budget was only US$48,000, a drop of almost 50%.

At the same time, the team stated that this was part of a brand strategy overhaul and that it would turn its focus to improving the user interface and marketing. When this news was announced, Balancer faced some market pressure. Perhaps it was these front-end layoffs that gave attackers an opening.

With Balancer's front end now attacked, it is hard not to connect the incident with the rejected smart contract audit proposal and the layoff of front-end staff. Perhaps the "strategic shift" is a pretext; the reality may be a bear-market cycle in which funds are tight and the team is cutting costs.

The hidden worries of centralized front-end

Beyond the internal reasons within the Balancer team, this attack also raised community concerns about the centralized front ends of DeFi protocols.

Front-end attacks have caused losses before in the history of DeFi. In December 2021, malicious code was injected into the front end of the decentralized organization Badger DAO's website, allowing the attacker to have users confirm transactions and transfer tokens without their knowledge. In May 2022, the Cronos-ecosystem DEX MM.Finance suffered a front-end attack in which hackers exploited a DNS vulnerability to steal more than US$2 million of users' assets.

The last time decentralized front ends were widely discussed was when Tornado Cash was sanctioned and its front end was taken down. Today the front end is also under security pressure. Some people think ENS may be a solution to front-end attacks, but ENS name resolution itself relies on centralized components, so it is not very realistic to rely on it to resist such attacks in a decentralized way.

Although DeFi contracts cannot be tampered with or withdrawn once deployed, and in theory are not subject to human intervention, the vast majority of front ends are still built on traditional architectures. While the web pages themselves keep evolving, domain names, network services, servers, storage services and the like harbor many potential threats. At the same time, attacks on the front end are often overlooked by developers.

Balancer, a DeFi OG, has now also come under front-end attack. As a result, there are voices in the community calling for decentralized front ends to be built, though not many of them. Compared with the heat generated by the takedown of the Uniswap and Tornado Cash front ends, how ordinary users should respond to front-end attacks is something the crypto industry still needs to keep exploring.
