Behind the Balancer attack Security team layoffs and concerns about centralized front-end

Balancer attack triggers layoffs in security team and concerns about centralized front-end.

Author: Luccy, Kaori; Translation: BlockBeats

On September 20th, Balancer suffered a loss of $238,000 in a new round of attacks. SlowMist, an intelligence analysis company, believes that this attack is a BGPHijacking attack, and visiting the website link wallet will result in a phishing attack. Subsequently, SlowMist MistTrack stated that the attacker’s fees for Balancer came from the phishing organization Angel Drainer. Currently, Balancer stated that the front-end has been restored to security and is now controlled by Balancer DAO.

BGPHijacking, also known as BGP route hijacking, is a type of front-end attack. In a BGPHijacking attack, the attacker sends false BGP route update information, causing other routers to redirect traffic in the wrong direction, thereby eavesdropping, tampering, or interrupting the flow of traffic. Simply put, the website is able to send spam to approve transactions, allowing malicious contracts to transfer all of the user’s funds.

This is also the biggest difference from previous attack incidents – the attack targets the Balancer front-end.

• Grayscale applies for new Ethereum futures ETF
• Microsoft plans to expand support for cryptocurrency wallets in the next generation of hardware products.
• Pizza Hut enters the metaverse and launches new Roblox world The Hut.

OpCo, Orb Collective, and the cost of strategic changes

It is worth noting that before this attack, Balancer had another important news. On April 14th, Balancer’s service provider, Balancer OpCo, announced that two engineers had been fired and operational budgets had been reduced.

Balancer OpCo is a wholly-owned subsidiary of the Balancer Foundation, providing management and operational services, as well as front-end development and engineering workflows for Balancer. From August last year to June this year, there were 7 proposals involving Balancer OpCo in Balancer DAO, of which 5 proposals were approved. In addition to the team’s financing, 250,000 BAL was also transferred to OpCo for OpCo to focus on private sales of tokens. Currently, proposals for fundraising for the next year of platform operations are also in the preliminary discussion stage.

However, as the protocol shifts its focus to improving user interfaces and marketing, the number of Balancer OpCo personnel has also decreased. For this reason, Balancer will establish a dedicated marketing team called Orb Collective, which is responsible for discussing mechanisms for Balancer to collaborate with platform users, promoting the development of the Balancer protocol through partnerships, marketing, integration, design, and personnel operations to expand the global adoption of the Balancer protocol. In August last year, Orb Collective was officially launched, and the team stated that the new promotion strategy will also use “native voices of encrypted Twitter”.

It is worth noting that in April of this year, Balancer governance updated Orb Collective’s financial plan in a proposal to renew Certora’s smart contract auditing contract, allocating it from Orb Collective’s budget to OpCo starting from the second quarter of 2023 to ensure the security of Balancer users’ funds. However, the Balancer DAO community members voted against the proposal for Balancer OpCo Limited to conduct smart contract audits by nearly 80%, making it the only proposal to be rejected among the 7 proposals.

In the same month, Coindesk published an article titled “DeFi protocol Balancer cuts budget and staff numbers amid strategic shift”, stating that Balancer will make strategic adjustments. According to the article, the Balancer OpCo team revealed in a Discord conference call in April this year, attended by more than 20 people, that the company had fired two engineers and reduced operational budgets.

Jeremy Musighi, CEO of Orb Collective, said: “We have set a new vision for the Balancer brand, and we are very excited about it.” “At the same time, we have been making some adjustments to the marketing team to ensure that we have the right people to execute this new vision.” In the third quarter of 2022, the Orb team applied for a $76,000 operating budget to expand the influence of Balancer on social platforms, podcasts, community relationship maintenance, etc. In the fourth quarter, the budget proposal claimed that due to the bear market cycle, the Orb team’s operating budget was only $48,000, nearly a 50% decrease.

At the same time, the team stated that this was to reform the brand strategy and will focus on improving its user interface and marketing in the future. When this news was announced, Balancer was facing some market pressure, and perhaps this front-end downsizing action provided attackers with an opportunity.

It is difficult not to link the attack on Balancer’s front end with the failure of the smart contract audit proposal and the downsizing of front-end personnel. Perhaps the strategic shift is false, and the financial constraints of the bear market cycle are true.

Concerns about centralized front end

In addition to internal reasons within the Balancer team, this attack has also raised concerns in the community about centralized front ends in DeFi protocols.

In the history of DeFi development, events causing losses due to attacks on front ends are rare. In December 2021, a series of malicious codes were injected into the front-end code of the decentralized organization Badger DAO’s website, allowing attackers to transfer tokens without the user’s knowledge. In May 2022, the Cronos ecosystem DEX MM.Finance was attacked on the front end, and hackers used DNS vulnerabilities to steal assets worth over $2 million from users.

The last large-scale discussion of decentralized front ends was when Tornado Cash was sanctioned and its front end was blocked. But now front ends are still under security pressure. Some people believe that ENS may be a solution to front-end attacks, but ENS domain name resolution is “centralized”, so it is not very practical to use it to resist “decentralized attacks”.

Although DeFi contracts are theoretically immutable and irreversible once deployed, the majority of front ends are still implemented through traditional architectures. Although web pages themselves are constantly evolving and developing, there are many potential threats in terms of domain names, network services, servers, storage services, etc., and attacks on front ends are often easily overlooked by developers.

As a DeFi OG, Balancer is now also subject to front-end attacks, and as a result, the community has called for the establishment of decentralized front ends. However, there are not many such voices, and compared to the enthusiasm stirred up by the front ends of Uniswap and Tornado Cash being blocked, there is still a need for the encryption industry to continue exploring what ordinary users need to do in the face of hacker attacks on front ends.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!