As another DeFi hack strikes, Balancer loses nearly $900k

The protocol confirmed the DeFi hack on 27 August and urged affected users to withdraw from impacted liquidity pools.

  • The DeFi hack occurred only a few days after the protocol had publicly disclosed a vulnerability affecting its boosted pools.
  • The protocol’s team promptly addressed the situation by acknowledging the exploit related to the disclosed vulnerability.

Balancer, the Ethereum [ETH]-based decentralized finance [DeFi] protocol, fell victim to an exploit resulting in losses of nearly $900,000. This incident occurred only a few days after the protocol had publicly disclosed a vulnerability affecting its boosted pools. The protocol itself confirmed the exploit and subsequent loss on social media platform X (formerly Twitter) on 27 August.

Blockchain security expert Meier Dolev identified an Ethereum address allegedly linked to the attacker. This address received two substantial transfers of Dai stablecoin, worth $636,812 and $257,527 respectively, leaving over $893,978 in the attacker’s possession.

Attack shortly after disclosing vulnerability in boosted pools

The protocol’s team promptly addressed the situation by acknowledging the exploit related to the disclosed vulnerability. While they had taken mitigation measures to significantly reduce risks, they also clarified that it was not possible to stop the affected pools.

To avert further breaches, the team recommended that users withdraw from the impacted liquidity pools.

Balancer disclosed the critical vulnerability in question on 22 August. This prompted an urgent call for users to withdraw funds from liquidity providers and led to the temporary suspension of pools.

The vulnerability posed a threat to assets deployed on various platforms. These include Ethereum, Polygon [MATIC], Arbitrum [ARB], Optimism [OP], Avalanche [AVAX], Gnosis [GNO], Fantom [FTM], and zkEVM.

When the vulnerability was first detected, the risk assessment found that only 1.4% of the total assets, over $5 million, faced exposure. However, as of 24 August, a significant level of risk persisted, with at least $2.8 million remaining vulnerable, accounting for 0.42% of the total locked value.

Balancer issued a warning to its users on X, advising them about the status of their funds across various pools. It underscored that funds in pools labeled ‘mitigated’ were categorized as safe.

Nevertheless, users were strongly recommended to consider migrating to more secure pools or withdrawing their funds. Pools that remained susceptible were designated as ‘at risk,’ prompting LPs in those pools to exit promptly.

The protocol deployed on the Optimism network in June of the previous year. This deployment aimed to enhance user functionality while reducing transaction fees, making it more accessible and cost-effective for participants.