DNS/CDN/frontend hash drift
Balancer (v2 + v3)'s assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
DNS/frontend hash drift [T-09 v1] | Applicable: Yes — confirmed September 2023 DNS/BGP exploit; highest-risk frontend signal for any DEX | Current state: app.balancer.fi and balancer.fi appear live and properly configured as of 2026-05-05. TLS active. No current DNS compromise detected. CRITICAL GAP: no post-exploit frontend hash baseline established for this assessment. Prior confirmed exploit: September 2023 EuroDNS social engineering attack — balancer.fi / app.balancer.fi hijacked, Angel Drainer phishing contract deployed, ~$364K stolen ($238K-$364K reported range across sources). Post-November 2025 exploit: brand impersonation active, balancer-fi.website confirmed scam domain (ScamAdviser). Phishing campaigns with fake white-hat bounty programs launched within hours of the Nov 2025 exploit. Balancer has the highest confirmed DNS-compromise risk of any DEX in this coverage set. Production deployment of this signal requires: (1) establishing a JS bundle hash baseline; (2) CertStream
Sources #
- URLhttps://cointelegraph.com/news/balancer-social-engineering-attack-dns-provider-frontend-hijackretrieved 2026-05-05
- https://medium.com/balancer-protocol/dns-security-incident-post-mortem-1b1feb735acaretrieved 2026-05-05
- https://www.scamadviser.com/check-website/balancer-fi.websiteretrieved 2026-05-05
Methodology #
Detect whether the hash of production frontend JS changes versus the prior published hash, or a DNS config change is detected.
See the full factor methodology and distribution across all protocols →