Behind the Balancer Attack Incident: Security Team Layoffs and Concerns about Centralized Front-ends

Perhaps the strategic shift is a pretext, and the tightening of funds during the bear market cycle is the truth.

Author: Luccy, Kaori

Editor: Jack

On September 20th, Balancer suffered a loss of $238,000 in a new round of attacks. SlowMist's intelligence analysis believes this was a BGP hijacking attack: users who connected their wallets through the link on the website were then subjected to phishing. SlowMist MistTrack subsequently stated that the attacker behind the Balancer incident was a phishing group called Angel Drainer. Balancer currently states that the front end has been restored to a secure state and is once again controlled by Balancer DAO.

BGP hijacking, also known as BGP route hijacking, is one way of attacking a protocol's front end. In a BGP hijacking attack, the attacker announces false BGP route updates, causing other routers to forward traffic to the wrong destination and thereby enabling eavesdropping, tampering, or interruption of traffic. Put simply, the hijacked website can prompt users to sign token approval transactions, allowing malicious contracts to transfer users' funds.
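The drain step described above works because the user signs an ERC-20 `approve()` that hands an allowance to an attacker-controlled spender. As an added illustration (not code from the article, Balancer, or SlowMist), the following decodes raw `approve(address,uint256)` calldata and flags the two warning signs a wallet or front-end monitor should surface before signing: an unknown spender and an unlimited allowance. The trusted-spender address is a constructed placeholder, not a real Balancer contract.

```python
"""Decode an ERC-20 approve() call and flag risky allowances before signing."""
from __future__ import annotations
from dataclasses import dataclass

# keccak256("approve(address,uint256)")[:4] -- the standard ERC-20 selector
APPROVE_SELECTOR = "095ea7b3"
UINT256_MAX = 2**256 - 1

# Constructed placeholder allowlist; a real deployment would hold the
# protocol's published contract addresses (not Balancer's real addresses).
TRUSTED_SPENDERS = {"0x" + "11" * 20}


@dataclass
class ApproveCall:
    spender: str   # lowercase hex, checksum casing ignored
    amount: int


def decode_approve(calldata_hex: str) -> ApproveCall | None:
    """Return the decoded approve() arguments, or None if this is not one."""
    data = calldata_hex.lower().removeprefix("0x")
    # 4-byte selector + two 32-byte ABI words, as hex characters
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:  # address is left-padded with zeros
        return None
    return ApproveCall("0x" + spender_word[24:], int(amount_word, 16))


def assess_approve(calldata_hex: str, trusted=TRUSTED_SPENDERS) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    call = decode_approve(calldata_hex)
    if call is None:
        return ["not an ERC-20 approve() call"]
    findings = []
    if call.spender not in {t.lower() for t in trusted}:
        findings.append(f"spender {call.spender} is not in the trusted set")
    if call.amount == UINT256_MAX:
        findings.append("unlimited allowance requested")
    return findings


def encode_approve(spender: str, amount: int) -> str:
    """Build approve() calldata for constructed test inputs."""
    addr = spender.lower().removeprefix("0x").rjust(64, "0")
    return "0x" + APPROVE_SELECTOR + addr + format(amount, "064x")
```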

This is also the biggest difference from previous attack incidents – the attack targeted Balancer’s front end.

OpCo, Orb Collective, and the cost of strategic shifts

It is worth noting that before this attack, Balancer also had an important piece of news. On April 14th, Balancer’s service provider, Balancer OpCo, announced that it had dismissed two engineers and reduced its operating budget.

Balancer OpCo is a wholly-owned subsidiary of the Balancer Foundation that provides management and operational services, as well as front-end development and engineering workflows, for Balancer. From August of last year to June of this year, seven proposals involving Balancer OpCo were put before the Balancer DAO, five of which passed. In addition to the team's financing, 250,000 BAL were transferred to OpCo so that OpCo could focus on the private sale of tokens. The proposal to raise funds for the platform's operation over the next year is currently still in the preliminary discussion stage.

However, as the protocol shifted its focus to improving user interfaces and marketing, the headcount of Balancer OpCo also decreased. Accordingly, Balancer set up a dedicated marketing team called Orb Collective, responsible for working out how Balancer collaborates with platform users and for promoting global adoption of the Balancer protocol through partnerships, marketing, integrations, design, and people operations. Orb Collective was officially launched in August of last year, and the team stated that the new promotion strategy would also adopt a "crypto Twitter native voice."

It is worth noting that in April of this year, Balancer governance updated Orb Collective's financial plan in a proposal, reallocating funds from Orb Collective's budget to OpCo starting in the second quarter of 2023 in order to ensure the security of Balancer users' funds. However, nearly 80% of Balancer DAO community members voted against the proposal for Balancer OpCo Limited to conduct smart contract audits, making it the only one of the seven proposals to be rejected.

In the same month, Coindesk published an article titled "DeFi Protocol Balancer Reduces Budget and Staff Numbers Amid Strategic Shift", reporting that Balancer was making strategic adjustments. According to the article, the Balancer OpCo team revealed in a Discord call in April this year, attended by more than 20 people, that the company had laid off two engineers and reduced its operating budget.

Jeremy Musighi, CEO of Orb Collective, said: "We have developed a new vision for the Balancer brand and we are very excited about it." "At the same time, we have been making some adjustments to the marketing team to ensure that we have the right people to execute this new vision." In the third quarter of 2022, the Orb team applied for an operating budget of $76,000 to expand Balancer's exposure on social media, podcasts, and community relations. In the fourth quarter, the budget proposal stated that, because of the bear market cycle, the Orb team's operating budget was only $48,000, almost a 50% decrease.

At the same time, the team stated that this was done to overhaul the brand strategy and that it would focus on improving its user interface and marketing going forward. When this news was announced, Balancer faced some market pressure; perhaps this reduction in front-end staff gave attackers an opening.

It is difficult not to connect this front-end attack on Balancer with the failed smart contract audit proposal and the layoff of front-end personnel. Perhaps the strategic shift is a pretext, and the tight funding of the bear market cycle is the truth.

Concerns about Centralized Front-End

In addition to internal reasons within the Balancer team, this attack has also raised concerns in the community about centralized front-ends in DeFi protocols.

In the history of DeFi, incidents that cause losses through front-end attacks are not common. In December 2021, the website front-end code of the decentralized organization Badger DAO was injected with malicious code, allowing attackers to transfer tokens without users' knowledge. In May 2022, the Cronos ecosystem DEX MM.Finance was attacked on the front end, and hackers stole over 2 million dollars' worth of user assets by exploiting a DNS vulnerability.

The last major discussion about decentralized front-ends took place when Tornado Cash was sanctioned and its front-end was taken down. Yet front-ends remain under security pressure today. Some people believe ENS may be a solution to front-end attacks, but ENS domain resolution is "centralized", so relying on it to resist "attacks on decentralization" is not very realistic.

Although DeFi contracts are in theory immutable and irreversible once deployed, the majority of front-ends are still built on traditional architectures. Even as web technology keeps evolving, many potential threats remain around domain names, network services, servers, storage services, and so on, and attacks on front-ends are often overlooked by developers.

As a DeFi OG, Balancer is now also facing front-end attacks, prompting calls for the construction of decentralized front-ends. Such calls, however, are still rare. Compared with the attention drawn by the front-end bans of Uniswap and Tornado Cash, the crypto industry still has to keep exploring what ordinary users should do about front-end attacks by hackers.
