Balancer avoids $4.1M loss after discovering new attack vector
Balancer identified and mitigated a new attack vector, preventing a $4.1M loss shortly after suffering a $116M exploit in its V2 meta-stable pools due to flawed smart contracts. Collaborating with teams like CertoraInc and SEAL, Balancer used a white-hat approach to secure user funds, moving them to safe storage and labeling affected pools on Ethereum mainnet, Optimism, and Arbitrum as deprecated. Despite efforts to salvage funds with white-hat recovery, including BitFinding intercepting $1M in less than 5 seconds, the incident highlights ongoing vulnerabilities in DeFi protocols. This exploit reduced Balancer's liquidity to $322M, near pre-2021 levels, with its BAL token trading at $0.81. Fears of similar attacks on DeFi have increased, underscoring the persistent risk posed by overlooked smart contract flaws despite previous audits.

Balancer Prevents $4.1M Loss Amid New Attack Vector
Balancer successfully prevented a loss of $4.1M after discovering a new attack vector. The platform has yet to disclose detailed information about the potential vulnerability. This action follows a previous significant exploit in which Balancer suffered a $116M drain due to flawed smart contract functions.
Discovery and Flaw Recovery in V2 Meta-Stable Pools
The Balancer decentralized trading platform identified a flaw within its V2 meta-stable pools, prompting the initiation of a white-hat recovery process. This operation aimed to secure funds from vulnerable contracts. A new value-extraction path was discovered in connection with recent events, leading the Balancer team to collaborate with @CertoraInc and @_SEAL_Org for fund security. As of 7 PM UTC, approximately $4.1M had been secured into controlled accounts, according to Balancer's official announcement.
Response to Exploitation and User Fund Safety
Balancer has successfully moved user funds to safe storage while eliminating the exploit risk. The affected pools were situated on the Ethereum mainnet, Optimism, and Arbitrum. Importantly, Balancer V3 pools remain unaffected, and the affected pools have been marked as deprecated. Users are urged to transition to similar pools on V3 to ensure safety.
White Hat Measures and External Collaboration
To prevent further losses, Balancer adopted a white-hat strategy, involving collaborations with security entities such as BitFinding. BitFinding played a pivotal role in intercepting exploits worth $1M, using their expertise to backrun hackers in less than 5 seconds. Reports suggest that white-hat researchers may have collectively salvaged up to $20M in funds, securing them in safe wallets.
Impact on Liquidity and Token Performance
Following the hack, Balancer's total liquidity stands at just over $322M, a significant reduction that aligns with pre-2021 levels. Additionally, the BAL token has seen a decline, now trading near yearly lows at $0.81. Despite the setbacks, Balancer remains a key player in DeFi, albeit operating at reduced liquidity levels.
DeFi Industry's Broader Implications
The Balancer incident raises concerns about vulnerabilities in larger DeFi protocols. Although most major lending pools remain unaffected, fears of similar smart contract errors persist. Notably, some exploits manage to bypass multiple security audits, demonstrating that even certified platforms are not immune to risks. Balancer has experienced several exploits since 2023, partly due to its legacy technology that continues to carry inherent risks of exploitation.
Hacks Decline in October Amid Concerns of Future Attacks
The Balancer exploit followed a relatively calm October, in which DeFi-related attacks dropped by 85%. However, this incident has renewed concerns about potential large-scale exploits in the future, especially those targeting overlooked vulnerabilities in smart contracts.