The decentralized finance (DeFi) protocol and market maker Balancer recently suffered a significant exploit, resulting in the loss of over $120 million in digital assets.
According to blockchain security firms, the total losses have now reached approximately $128 million, with ongoing withdrawals from the attacker’s wallet still being reported.
Balancer is committed to operational security, has undergone extensive auditing by top firms, and had bug bounties running for a long time to incentivize independent auditors. We are working closely with our security and legal teams to ensure user safety and are conducting a swift & thorough investigation. We’re grateful to our partners and the broader DeFi community for their support.
The company’s Chief Executive, Deddy Lavid, explained that the ongoing drain of funds likely results from compromised access control mechanisms within the protocol, which allowed the attackers to manipulate balances directly.
As a result, unauthorized swaps and balance manipulations occurred across interconnected pools, enabling the rapid drainage of assets within minutes.
The design of Balancer’s protocol, which allows for heavy interaction among its pools, exacerbated the impact of the exploit, according to Adi Flips’ analysis.
Importantly, there is currently no evidence suggesting that a private key was compromised. The expert noted that this incident appears to be a pure smart contract exploit.
According to ongoing investigations, the estimated total theft of the main assets, including wrapped Ethereum (WETH), staked Ethereum (wstETH), osETH, frxETH, rsETH, and rETH, is between $116 million and $128 million.
Featured image from DALL-E, chart from TradingView.com
