Saturday , March 2 2024
Home / Altcoins / Balancer Drained for Almost $1M Days After Disclosing Vulnerability

Balancer Drained for Almost $1M Days After Disclosing Vulnerability

Summary:
On the 22nd of August, Balancer Labs – a non-custodial portfolio manager, liquidity provider, and price sensor – received reports of a massive vulnerability affecting several of its lending pools. At the time, no attacks had been carried out – but that changed recently. Community Alerted As soon as the exploit was discovered, Balancer devs published a warning to its users, noting that certain pools had already been marked as safe and promising a post-mortem of the situation as soon as a patch was ready. In order to ensure that their funds were safe, users were directed to a newly made portal that would allow them to check whether their holdings were at risk or not. However, the devs recommended that users temporarily withdraw their funds from all pools as an extra safety

Topics:
Cristian Lipciuc considers the following as important: , , ,

This could be interesting, too:

Wayne Jones writes Bitcoin Set for Correction Before Continuing Upward Trend, Predicts Galaxy Digital CEO

Cristian Lipciuc writes Citron Advises Investors to Short Coinbase (COIN) Stock

Chayanika Deka writes Binance Recovers .4 Billion in Digital Assets for Users Amid Deposit Errors

Andrew Throuvalas writes Bitcoin Set for 10 Months Of Face Melting FOMO, Says PlanB

On the 22nd of August, Balancer Labs – a non-custodial portfolio manager, liquidity provider, and price sensor – received reports of a massive vulnerability affecting several of its lending pools.

At the time, no attacks had been carried out – but that changed recently.

Community Alerted

As soon as the exploit was discovered, Balancer devs published a warning to its users, noting that certain pools had already been marked as safe and promising a post-mortem of the situation as soon as a patch was ready.

In order to ensure that their funds were safe, users were directed to a newly made portal that would allow them to check whether their holdings were at risk or not. However, the devs recommended that users temporarily withdraw their funds from all pools as an extra safety measure.

Unfortunately, this warning did not reach everyone’s ears, and the inevitable occurred almost a week later.

Exploit Confirmed By CyberSec Researchers

Last night, Balancer confirmed on X that an exploit had finally occurred and urged its users once again to withdraw their funds in order to prevent further exploits.

“Balancer is aware of an exploit related to the vulnerability below. Mitigation procedures have drastically reduced risks, but are unable to pause affected pools. To prevent further exploits, users must withdraw from affected LPs.”

The exploit was also confirmed by Meir Dolev, the founder and CTO of Web3 security firm CyverAI.

The attack was carried out via three separate DAI transactions, all leading back to the same wallet.

The first was by far the largest – worth over $600k. Two smaller transactions followed, costing the lending pools over $250k and $85k, respectively.

Although not as damaging as other exploits that took place earlier this year, the hacker still made off with a substantial amount of illicit funds.

Balancer’s community was, understandably, dismayed at the news, with some users recommending that the devs find a new industry to work in.

In total, the un-patched smart contract vulnerability cost Balancer more than $970k. The promised post-mortem report will also undoubtedly have to be redone to include the fact that this exploit was discovered by a separate bad actor – although the hacker in question was most likely tipped off by the warning posted on Balancer’s forum.

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *