Behind the Balancer attack incident: beyond the downsizing of the security team, the hidden concerns of centralized front-ends deserve more attention.
Written by: Luccy, Kaori, BlockBeats
Edited by: Jack, BlockBeats
On September 20th, Balancer suffered a loss of $238,000 in a new round of attacks. SlowMist Intelligence Analysis believes that this was a BGP hijacking attack, and that following the wallet-connection link on the website resulted in a phishing attack. Subsequently, SlowMist MistTrack stated that the Balancer attacker's costs came from the phishing organization Angel Drainer. Balancer now says that the front-end has been restored to a secure state and is back under the control of Balancer DAO.
BGP hijacking, also known as BGP route hijacking, is a type of front-end attack. In a BGP hijacking attack, the attacker announces false BGP route updates, causing other routers to redirect traffic in the wrong direction, so that the attacker can eavesdrop on, tamper with, or interrupt it. Simply put, the hijacked website can prompt users to approve transactions, allowing malicious contracts to transfer all of the user's funds.
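The approval prompts described above are what a hijacked front-end relies on. As an added example (not code from the article, Balancer, or SlowMist), the following wallet-side check decodes a pending transaction's calldata and flags the drainer pattern: an ERC-20 `approve()` granting an unlimited allowance to a spender the user has not vetted. The spender allowlist, addresses and sample transaction are constructed placeholders.

```javascript
// Added example: inspect calldata for the approve() pattern a hijacked
// front-end pushes at users. Allowlist and sample data are constructed.

const APPROVE_SELECTOR = '095ea7b3'; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical allowlist of spenders the user has vetted (placeholder address).
const KNOWN_SPENDERS = new Set([
  '0x1111111111111111111111111111111111111111',
]);

// Decode approve(address,uint256) calldata; returns null for any other call.
function decodeApprove(data) {
  const hex = data.toLowerCase().replace(/^0x/, '');
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // ABI left-pads addresses to 32 bytes; the upper 12 bytes must be zero.
  if (spenderWord.slice(0, 24) !== '0'.repeat(24)) return null;
  return {
    spender: '0x' + spenderWord.slice(24),
    amount: BigInt('0x' + hex.slice(72, 136)),
  };
}

// Classify a transaction: 'block' for an unlimited allowance to an unknown
// spender, 'warn' for any allowance outside the allowlist, 'ok' otherwise.
function assessApproval(tx, knownSpenders = KNOWN_SPENDERS) {
  const call = decodeApprove(tx.data || '');
  if (!call) return { verdict: 'ok', reason: 'not an approve() call' };
  const known = knownSpenders.has(call.spender);
  // Drainer-style allowances are max uint256 or close to it.
  const unlimited = call.amount >= MAX_UINT256 / 2n;
  if (!known && unlimited) {
    return { verdict: 'block', reason: `unlimited allowance to unknown spender ${call.spender}` };
  }
  if (!known) return { verdict: 'warn', reason: `allowance to unknown spender ${call.spender}` };
  return { verdict: 'ok', reason: 'spender on allowlist' };
}

// Constructed sample: unlimited approve to an unvetted address (the drainer pattern).
const SAMPLE_DRAINER_TX = {
  to: '0x2222222222222222222222222222222222222222', // token contract (placeholder)
  data: '0x095ea7b3' + '0'.repeat(24) + 'dead'.repeat(10) + 'f'.repeat(64),
};

console.log(assessApproval(SAMPLE_DRAINER_TX));
```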
This is also the biggest difference from previous attack incidents: this attack targeted the Balancer front-end.
OpCo, Orb Collective, and the Cost of Strategic Transformation
It is worth noting that before this attack, Balancer had another important piece of news. On April 14th, Balancer's service provider, Balancer OpCo, announced that it had laid off two engineers and reduced its operating budget.
Balancer OpCo is a wholly-owned subsidiary of the Balancer Foundation that provides management and operational services for Balancer, as well as front-end development and engineering workflows. From August of last year to June of this year, seven proposals involving Balancer OpCo appeared in Balancer DAO governance, of which five were approved. In addition to the team's funding, an additional 250,000 BAL was transferred to OpCo to enable OpCo to focus on private sales of tokens. The proposal to fund the platform's operations for the next year is currently still in the preliminary discussion stage.
However, as the protocol shifted its focus to improving the user interface and marketing, Balancer OpCo's headcount also decreased. To this end, Balancer established a dedicated marketing team called Orb Collective, which is responsible for working out how Balancer can collaborate with platform users and for promoting the development of the Balancer protocol through partnerships, marketing, integrations, design, and people operations, in order to expand the global adoption of the Balancer protocol. In August of last year, Orb Collective was officially launched, and the team stated that the new promotion strategy would also adopt a "native voice on crypto Twitter".
It is worth noting that in April of this year, Balancer governance updated Orb Collective's financial plan in the proposal to renew the smart contract audit contract with Certora. Starting from the second quarter of 2023, funds would be allocated from Orb Collective's budget to OpCo to ensure the security of Balancer users' funds. However, Balancer DAO community members rejected the proposal for Balancer OpCo Limited to conduct a smart contract audit by an overwhelming 80%; it was the only proposal rejected among the seven.
In the same month, Coindesk published an article titled “DeFi Protocol Balancer Reduces Budget and Staff Numbers Amid Strategic Shift”, stating that Balancer will make strategic adjustments. According to the article, the Balancer OpCo team revealed during a Discord conference call in April this year, attended by more than 20 people, that the company has laid off two engineers and reduced its operating budget.
Jeremy Musighi, CEO of Orb Collective, said, “We have developed a new vision for the Balancer brand, and we are very excited about it.” “At the same time, we have been making some adjustments to the marketing team to ensure that we have the right people in place to execute this new vision.” In the third quarter of 2022, the Orb team applied for an operating budget of $76,000 to expand Balancer’s influence in social media, podcasts, and community relations. In the fourth quarter, the budget proposal claimed that due to the bear market cycle, the Orb team’s operating budget was only $48,000, a nearly 50% decrease.
At the same time, the team stated that this was to reform the brand strategy and focus on improving its user interface and marketing. When this news was announced, Balancer faced some market pressure, and perhaps these front-end layoffs gave attackers an opening.
It is difficult not to link this front-end attack on Balancer with the failure of the smart contract audit proposal and the layoff of front-end personnel. Perhaps the strategic shift is a pretext, and the real story is the funding crunch of the bear market cycle.
Concerns About Centralized Front-End
In addition to internal reasons within the Balancer team, this attack has also raised concerns in the community about centralized front-ends in DeFi protocols.
In the history of DeFi development, incidents of losses caused by front-end attacks are not common. In December 2021, the front-end code of the decentralized organization Badger DAO's website was injected with a series of malicious scripts, allowing attackers to transfer tokens without the user's knowledge. In May 2022, the Cronos ecosystem DEX MM.Finance was subjected to a front-end attack in which hackers exploited DNS weaknesses to steal over $2 million in assets from users.
The last large-scale discussion on decentralized front-ends was due to Tornado Cash being sanctioned and its front-end being blocked. But now front-ends are still under security pressure. Some people believe that ENS may be a solution to front-end attacks, but ENS domain name resolution is “centralized”, so it is not very realistic to use it to defend against “attacks on decentralization”.
Although DeFi contracts are theoretically immutable and irreversible once deployed and should not be subject to human intervention, the majority of front-ends are still implemented on traditional architectures. Even as web pages themselves keep evolving, there are many potential threats in the domain name, network services, servers, storage services, and so on. At the same time, attacks on front-ends are often easily overlooked by developers.
As a DeFi OG, Balancer is now also subject to front-end attacks, prompting calls from the community to build decentralized front-ends. However, such voices are still few. Compared to the outcry caused by the front-end bans of Uniswap and Tornado Cash, the crypto industry still needs to keep exploring what ordinary users should do about front-end attacks by hackers.