Balancer Hack Traced to DNS Social Engineering Attack

Ethereum-based AMM Balancer lays the blame for the hack on its DNS service provider EuroDNS.

Robot using a fake face for ID whilst getting a DeFi check up.
Created by Kornelija Poderskytė from DailyCoin
  • Balancer attributed blame to its DNS service provider.
  • Efforts are underway to explore other domain options.
  • The majority of DeFi exploits have occurred on the Ethereum blockchain.

Decentralized finance (DeFi) has democratized access to financial services, allowing anyone to lend, borrow, and invest without intermediaries. The cost of this is that the sector has been plagued with periodic high-profile hacks by those targeting vulnerabilities within the chain of processes. 


Typically, DeFi attackers exploit smart contract vulnerabilities or weaknesses within the protocol itself. Yet, the most recent Balancer hack was traced to a socially engineered attack at the protocol’s domain name service (DNS) provider.   

Balancer Now Safe to Use

In an update to the community on Wednesday’s DNS attack, Ethereum-based Balancer confirmed that it has regained control of its domain name and assured users that all associated subdomains are now safe to use.

Balancer’s investigations concluded that hackers had infiltrated EuroDNS, the company entrusted with managing Balancer’s DNS registry, using social engineering techniques. This exploit involves manipulating unsuspecting individuals into exposing data, spreading malware, or giving away system access.

Acting on its findings, Balancer stated that it is looking at more secure top-level domains (TLD) to drop its existing .fi setup. The team also suggested that other DeFi projects follow suit.

With Balancer responding swiftly to restore services, thoughts now turn to understanding how the breach occurred and preventing future attacks from happening again.

What Happened?

On September 19, Balancer advised users not to interact with its interface after discovering a breach. Further analysis revealed hackers had hijacked the Balancer domain, enabling the deployment of a malicious program that set about draining victims’ wallets.


Although Balancer did not officially comment on the losses incurred, Peckshield estimated around $238,000 worth of crypto assets were stolen in the incident. The attack represents the second security breach for Balancer in a month. In August, the protocol suffered a spate of flash loan exploits, netting hackers just under $1 million in DAI.

On the Flipside

  • Cloudflare reported that 87% of companies suffered a DNS attack in 2021.
  • Of the 148 DeFi exploits to date, 71 occurred on Ethereum-based protocols.

Why This Matters

The latest Balancer hack highlights the heavy dependency of DeFi protocols on legacy infrastructure not designed for crypto’s complexities. Realizing the vision of DeFi as the future of finance would require reimagining the internet’s foundational structure.

Get a breakdown of what happened during the Balancer hack here:
Balancer Protocol Loses $238K in Crypto in Ongoing DNS Attack

Discover more about Nigerians turning to crypto amid the country’s ongoing economic woes:
Nigeria Turns to Crypto as Currency Crisis Deepens

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Samuel Wan

Samuel Wan is a finance professional turned crypto journalist, known for his insightful reporting on market trends, regulatory changes, and technological developments within the digital asset industry. His ability to simplify complex concepts and report the facts has made him a trusted source in the crypto community. Beyond his writing, Samuel is an active mountain biker and gamer.