Balancer, a decentralized finance protocol, witnessed an exploit amounting to close to $900,000 on Sunday. This breach came shortly after a significant vulnerability was flagged in several of its V2 pools.
Blockchain security specialist, Meier Dolev, identified the hacker responsible for exploiting the vulnerability.
Suspicion arose when the hacker’s Ethereum address showed two significant transfers of Dai (DAI) stablecoins. These transfers, of $636,812 and $257,527 respectively, summed up to a total of $893,978 in the account.
Balancer is aware of an exploit related to the vulnerability below.
— Balancer (@Balancer) August 27, 2023
Mitigation procedures have drastically reduced risks, but are unable to pause affected pools.
To prevent further exploits, users must withdraw from affected LPs.https://t.co/PDzX32gqeS https://t.co/b4CSqVFbDg
Awareness Raised About Vulnerability in Balancer Protocol
On August 22, the Balancer team had already alerted its community about a severe vulnerability in its boosted pools.
To reduce potential fallout, the protocol’s team had suggested that users pull out their funds from liquidity providers (LPs) and momentarily halt the affected pools.
The assets at risk spanned multiple networks, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM.
At the time of identifying the vulnerability, only about 1.4% (roughly over $5 million) of Balancer’s entire assets were vulnerable. Yet, by August 24, around $2.8 million (or 0.42% of the total locked value) was still exposed.
For damage control, Balancer advised users that while the funds in modified pools were considered secure, they should immediately transfer to safer pools or withdraw. They also tagged pools that couldn’t be rectified as ‘at risk’, urging LPs to depart from these pools immediately.
This recent incident underscores the ongoing security challenges DeFi platforms confront. Even with Balancer’s earnest efforts to address the vulnerability, the exploit underscores the critical need for continual monitoring and the onus on users to actively protect their investments.
It’s worth noting that earlier in the month, the Exactly Protocol also faced an exploit, losing over $12 million, emphasizing the persistent security issues in the DeFi sector.
