Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Update November 3, 9:47 am UTC: This article has been updated to add the latest figures, Balancer’s white hat award offer and comments from Nicolai Sondergaard, research analyst at Nansen.
Update November 3, 9:21 am UTC: This article has been updated to include a section on the Flash Balancer loan attack from 2020.
The decentralized exchange (DEX) and the automated market balancer (AMM) were exploited, with more than $116 million of digital assets transferred to a newly created wallet.
“We are aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating it with high priority,” the Balancer team said in a Monday X. placeadding that he will share more updates as information becomes available.
Data Onchain initially showed that the decentralized finance (DeFi) the protocol was leveraged for $70.9 million worth of Ether liquid staked (ETH) tokens transferred to a new wallet in three transactions, according to to Etherscan logs.
The transfers include 6,850 StakeWise Staked ETH (OSETH), 6,590 Wrapped Ether (WETH) and 4,260 Lido wstETH (wSTETH), crypto intelligence platform Nansen said in a Monday X. place.
As of 8:52 am UTC on Monday, the ongoing exploit has grown to more than $116.6 million in stolen funds, according to to Lookonchain’s X post blockchain data platform.
The Balancer exploit may stem from problems with smart contracts that had a “faulty access control that allows the attacker to send a command to withdraw funds,” Nicolai Sondergaard, research analyst at Nansen, told Cointelegraph, adding:
“From what I see, the losses are now greater than $100 million and have affected Balancer v2 + various forks.”
Related: CZ sounds alarm as ‘SEAL’ team uncovers 60 fake IT workers linked to North Korea
Balancer offers a 20% white hat reward for the return of funds
In order to recover the funds, the team behind Balancer has offered a white hat reward of up to 20% of the stolen funds if the full amount, minus the reward, is returned immediately.
If the funds are not returned within 48 hours, Balancer said it will continue to cooperate with blockchain forensics specialists and law enforcement agencies to identify the culprit.
“Our partners have a high degree of confidence that you will be identified by the access log metadata collected by our infrastructure, which indicates connections from a defined set of IP addresses / ASN and associated entry timestamps that correlate with transaction activity on the chain.” he said Balancer in a blockchain transaction note on Monday.
Two years ago, Balancer suffered a domain name system (DNS) attack on its front-end website, the protocol revealed at the time. Hackers redirected website users to a phishing website associated with malicious smart contracts that aim to steal user funds.
About $238,000 worth of digital assets were stolen during the phishing attack, according to to blockchain sleuth ZachXBT.
In August 2023, Balancer too suffered a stalecoin exploit nearly $1 million, just a week after the protocol disclosed a “critical vulnerability” linked to some of its liquidity pools.
In June 2020, Balancer has been hacked for $500,000 of Ether and other tokens as part of a flash loan attack based on Statera deflation tokens (STA), where 1% of each transaction is automatically burned.
This is a developing story, and more information will be added as it becomes available.
Magazine: Coinbase hack shows the law probably won’t protect you – Here’s why
