DeFi’s Balancer Pool Hacker Drains Funds Worth About $500k

Sahana Kiran
Sahana Kiran is a graduate in Political Science, Economics and Journalism. She is a full-time crypto writer at CoinGape and takes a keen interest in cryptocurrencies, especially Ethereum and Bitcoin. Even though she's not a HODLER yet, she has eyes on Bitcoin.
Why Trust CoinGape
CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.

DeFi platform Balancer’s multi-token pools came under attack, with a hacker draining about $500k worth of funds.

Sophisticated Smart Contract Engineer Behind The Hack?

Decentralized Finance [DeFi] has been in the news lately following the launch of two prominent governance tokens, one from lending protocol Compound Finance and one from decentralized exchange Balancer. Compound’s COMP token was the first to hit the market and still dominates the entire DeFi space.

While Balancer also appeared to be doing well, the platform disclosed a glitch it recently experienced. Balancer Labs revealed that an attacker had drained funds worth about $500,000 from two pools that contained deflationary tokens. The tokens in these pools were STA and STONK.

Pools holding these transfer-fee tokens were reportedly the only ones affected by the hack. The platform’s co-founder, Mike McDonald, elaborated on this in a recent blog post.

A hacker reportedly carried this out via two different transactions. The hacker took out a loan of 23 million USD worth of Ether from the decentralized borrowing and lending platform dYdX. WETH and STA were then traded repeatedly, about 24 times, in large volumes, causing the STA balance in the pool to plummet to a low of 0.000000000000000001 STA. Each time WETH was converted into STA, the Balancer Pool gained 1 percent less STA than the conventional amount.

1inch, a DEX aggregator, elaborated on this in its Medium post and stated,

“As the next step, the attacker swapped 1 weiSTA to WETH multiple times. Due to STA token transfer fee implementation, the pool never received STA but released WETH regardless. The same step was repeated to drain WBTC, SNX and LINK token balances from the pool.”

Even though Balancer wasn’t aware of the possibility of such an attack, the platform claims to have warned the users about the “unintended effects ERC20s with transfer fees could have in the protocol.”
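The accounting mismatch described above, as an added example that is not code from Balancer, 1inch or the original article: a toy constant-product pool (an assumption, not Balancer's weighted-pool math) holding a constructed 1% transfer-fee token, comparing a pool that credits the nominal swap amount with one that credits only the balance change it actually measured. All class and function names are hypothetical.

```python
FEE_BPS = 100  # 1% per transfer, the rate the article reports for STA

class FeeToken:
    """Constructed ERC20-like ledger that burns FEE_BPS of every transfer."""
    def __init__(self):
        self.bal = {}

    def mint(self, who, amt):
        self.bal[who] = self.bal.get(who, 0) + amt

    def transfer(self, src, dst, amt):
        if self.bal.get(src, 0) < amt:
            raise ValueError("insufficient balance")
        fee = (amt * FEE_BPS + 9_999) // 10_000  # assumption: fee rounds up
        self.bal[src] -= amt
        self.bal[dst] = self.bal.get(dst, 0) + amt - fee

class Pool:
    """Toy constant-product pool; not Balancer's weighted-pool math."""
    def __init__(self, token, fee_tokens, weth, measure_delta):
        self.token, self.measure_delta = token, measure_delta
        self.recorded = fee_tokens  # internal record of fee tokens held
        self.weth = weth
        token.mint("pool", fee_tokens)

    def swap_in(self, trader, amount_in):
        before = self.token.bal["pool"]
        self.token.transfer(trader, "pool", amount_in)
        received = self.token.bal["pool"] - before
        # Weak: trust the nominal amount. Hardened: credit only what arrived.
        credited = received if self.measure_delta else amount_in
        if credited == 0:  # on-chain, this revert would also undo the transfer
            raise ValueError("swap rejected: pool received nothing")
        out = self.weth * credited // (self.recorded + credited)
        self.recorded += credited
        self.weth -= out
        return out

    def accounting_gap(self):
        """Recorded minus actual balance; any non-zero value is an alert."""
        return self.recorded - self.token.bal["pool"]

def demo(measure_delta, amount_in, pool_tokens=1, pool_weth=1_000):
    """Run one swap on constructed balances; return (WETH out, gap)."""
    token = FeeToken()
    token.mint("trader", amount_in)
    pool = Pool(token, pool_tokens, pool_weth, measure_delta)
    try:
        out = pool.swap_in("trader", amount_in)
    except ValueError:
        out = 0
    return out, pool.accounting_gap()
```

A non-zero `accounting_gap()` is the invariant violation to monitor for: the pool's recorded balance no longer matches what the token contract says it holds.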

1inch believes that the attack was carried out by a “sophisticated smart contract engineer” who had immense knowledge of the DeFi space and its protocols. The stolen funds were then transferred to the address 0xBF675C80540111A310B06e1482f9127eF4E7469A.


Furthermore, Balancer suggested that the platform would be adding transfer-fee tokens to the UI blacklist, publishing more documentation on how the pools work, and even arranging a third audit that would take place before today.
