Decentralized trading protocol Balancer said its web front end is suffering from an exploit and urged users not to interact with the website.
Tweets from Balancer and a warning from the Metamask wallet suggest the Balancer URL, or web address, has suffered a redirect attack and users are being sent to a malicious page rather than the authentic site. Cybercriminals carry our redirect attacks by exploiting users' trust of a website, inserting a redirection to a malicious page in the website's code or in a phishing email.
The attacker appears to be part of phishing group "AngelDrainer" according to crypto tracking platform MistTrack. They hacked the website using this method and induced users to approve transfers of funds.
On-chain data suggests that the user behind the wallet has been moving some of the stolen proceeds to Aave.
MistTrack said that the attacker may have links to Russia based on "relevant intelligence" it has collected, without providing details.
The attack comes roughly a month after Balancer warned the public about an unrelated vulnerability in the protocol's pools and urged users to withdraw their assets.
UPDATE (Sept. 20, 14:32 UTC): Adds additional detail on the attack and further background on Balancer and exploits across crypto this year.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.