Balancer, a decentralized finance protocol, suffered an exploit leading to a loss of around $900,000 on Sunday. This incident came shortly after the discovery of a critical flaw impacting several V2 pools.
Blockchain security specialist Meier Dolev disclosed the identity of the individual who took advantage of the flaw.
Suspicion was cast on the hacker’s Ethereum address after it was noted for two significant transfers of Dai (DAI) stablecoins, amounting to $636,812 and $257,527. Post these transactions, the total funds in the address amounted to $893,978.
Balancer Protocol Alerted of a Critical Vulnerability
Earlier on August 22, the Balancer protocol’s team had alerted users about a significant flaw impacting its amplified pools.
To mitigate possible losses, the protocol’s developers recommended that users pull out funds from liquidity providers (LPs) and momentarily halt the affected pools.
The assets susceptible to this vulnerability were dispersed across multiple networks such as Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM.
When the flaw was identified, only about 1.4% of Balancer’s entire assets were at risk, which was roughly valued at over $5 million.
By August 24, a considerable sum, roughly $2.8 million, or 0.42% of the total locked value, remained exposed.
Balancer took measures to curtail the potential damage, advising users that, although assets in the amended pools were considered safe, swift migration to protected pools or immediate withdrawal was highly advised.
Pools that couldn’t be safeguarded were distinctly marked as ‘at risk’, prompting liquidity providers (LPs) to promptly withdraw from these vulnerable pools.
The latest breach underscored the persistent security and risk management hurdles that DeFi platforms grapple with.
Even with the best measures taken by the protocol to minimize potential harm, this exploit underscored the imperative for continuous monitoring and the necessity for users to be consistently active in protecting their investments.
Earlier in the month, the Exactly Protocol fell victim to an exploit, losing over $12 million. This incident is among a string of DeFi breaches that persistently challenge the sector.