DeFi Protocol Balancer Says Web Front End Is ‘Under Attack’

On-chain data appears to show the attacker has stolen over $200,000 from users.

AccessTimeIconSep 20, 2023 at 8:31 a.m. UTC
Updated Sep 20, 2023 at 2:33 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Decentralized trading protocol Balancer said its web front end is suffering from an exploit and urged users not to interact with the website.

  • Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
    Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
  • Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
    Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
  • Breaking Down the State of Hacking in 2024
    Breaking Down the State of Hacking in 2024
  • Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs
    Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs
  • Tweets from Balancer and a warning from the Metamask wallet suggest the Balancer URL, or web address, has suffered a redirect attack and users are being sent to a malicious page rather than the authentic site. Cybercriminals carry our redirect attacks by exploiting users' trust of a website, inserting a redirection to a malicious page in the website's code or in a phishing email.

    Hacks, exploits and scams across the crypto sector have caused losses of over $1 billion by early September this year, according to blockchain security firm Certik. Crypto traders lost $303 million in July alone, the year's worst month for losses from such attacks.

    The attacker appears to be part of phishing group "AngelDrainer" according to crypto tracking platform MistTrack. They hacked the website using this method and induced users to approve transfers of funds.

    A wallet address identified by internet sleuth ZachXBT appears to show that over $200,000 in digital assets may have been stolen. According to data, the wallet’s current balance is just over $100,000, with most of the assets being stETH and DAI.

    On-chain data suggests that the user behind the wallet has been moving some of the stolen proceeds to Aave.


    MistTrack said that the attacker may have links to Russia based on "relevant intelligence" it has collected, without providing details.

    The attack comes roughly a month after Balancer warned the public about an unrelated vulnerability in the protocol's pools and urged users to withdraw their assets.

    Balancer has a total value locked of about $700 million, according to DefiLlama data, making it the fourth-largest decentralized exchange.

    UPDATE (Sept. 20, 14:32 UTC): Adds additional detail on the attack and further background on Balancer and exploits across crypto this year.

    Edited by Sheldon Reback.


    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.