Decentralized exchange Balancer has suffered a hack in which it lost nearly $1m.
Updated: Read about the Latest Balancer Exploit Here!
Decentralized exchange Balancer has suffered a hack in which it lost nearly $1m.
Less than a week had passed since the exchange's developers disclosed a "critical vulnerability" before the breach. On August 22, Balancer requested that liquidity providers remove funds from a few pools that were affected by the issue.
Meir Dolev, founder and CTO of crypto security firm Cyvers, identified the hacker's Ethereum address, which received three transfers of DAI stablecoin totalling approximately $979,420 since 23 August.
The Balancer team confirmed the hack on 27 August, stating that it was “aware of an exploit related to the vulnerability”.
Several flash loan attacks were used to carry out the hack. In a flash loan attack, the attacker borrows a sizable sum of crypto from a DeFi platform, uses it to attack the affected pools and steal the funds, and immediately pays back the loan.
Balancer had stated that only “0.08% of total TVL ($565,199)” was still at risk as most liquidity providers had withdrawn from the affected pools.
The issue only affected boosted pools on eight different blockchains, according to Balancer. By lending some of the liquidity in other apps like Aave, enhanced pools increase the yields for liquidity providers.
Balancer has consistently recommended withdrawal as the only method for safeguarding funds and has restricted access to the pools so that withdrawals can only be made using a specific user interface.
