In a recent incident, the Ethereum-based automated market maker and decentralized finance protocol, Balancer, fell victim to an exploit that resulted in the loss of nearly $900,000. The breach occurred shortly after the protocol had disclosed a vulnerability affecting multiple pools.
Balancer confirms vulnerability breach
The security breach was confirmed on the social media platform X (formerly Twitter) on August 27. Balancer’s team acknowledged the exploit and informed the community that they had taken mitigation measures to reduce risks. However, the affected pools could not be paused, and users were advised to withdraw their funds from these pools to prevent further exploits.
The attacker, believed to be linked to an Ethereum address, managed to exploit the vulnerability and received two substantial transfers of the Dai stablecoin. These transfers amounted to $636,812 and $257,527, respectively, which brought the total balance of the attacker’s address to over $893,978.
This incident followed closely after Balancer had initially disclosed a critical vulnerability affecting its boosted pools on August 22. The protocol promptly urged users to withdraw their funds from liquidity providers (LPs) and temporarily halted the affected pools to mitigate potential damage. Assets on various networks, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM, were at risk due to this vulnerability.
Immediate response and mitigating efforts
At the time of the vulnerability discovery, only a small fraction, 1.4%, of Balancer’s total assets were considered at risk, accounting for over $5 million worth of assets. By August 24, approximately $2.8 million, or 0.42% of the total value locked in Balancer, remained exposed to potential exploits. To ensure the safety of their users’ funds, Balancer took measures to label pools as “mitigated” or “at risk.”
The protocol assured users that funds in the mitigated pools were secure, but strongly recommended transitioning to safe pools or initiating withdrawals. For pools labeled “at risk,” users were advised to exit these pools immediately.
Balancer had previously expanded its functionality and reduced fees by deploying on the Optimism network in June of the previous year. This move aimed to enhance the user experience and make the platform more accessible to a wider audience.
Balancer, a prominent automated market maker and decentralized finance protocol on the Ethereum network, faced a significant setback when it fell victim to an exploit that resulted in the loss of almost $900,000. The incident occurred shortly after the protocol had disclosed a vulnerability affecting multiple pools.
Balancer’s response included mitigation measures and recommendations for users to withdraw funds from the affected pools. This breach highlights the ongoing challenges and security concerns faced by DeFi protocols as they strive to provide robust and secure financial services on blockchain networks.