Key Insights:
Another decentralized finance (DeFi) exploit has hit the crypto market, with Balancer the latest victim. The Ethereum-based DeFi protocol was exploited and almost lost $900,000.
Just some days ago, Balancer had warned about a possible vulnerability affecting its boosted pools. This time around, the event happened.
An announcement confirming the incident involving the protocol was made on the social media platform X (previously called Twitter) on August 27.
The protocol's team immediately addressed the crisis by affirming the hack. Although they made a concerted effort to control the damage, they also admitted it couldn't be undone.
"Balancer is aware of an exploit related to the vulnerability below," the protocol's team posted on X.
It also added that although mitigation measures implemented in the previous days had substantially reduced risks, affected pools could not be paused.
"To prevent further exploits, users must withdraw from affected LPs."
On the bright side, a blockchain security expert, Meier Dolev, had allegedly figured out an Ethereum address that belonged to the attacker. After the exploit, the address was the recipient of two transfers of Dai stablecoin worth $636,812 and $257,527, respectively, which adds up their total balance to more than $893,978.
Yet, this incident didn't come out of the blues.
On August 22, Balancer disclosed the critical flaw. This led to a necessary warning for users to withdraw funds from liquidity providers and led to the brief suspension of pools.
At first, upon discovering the vulnerability, the risk assessment observed that only 1.4% of the total assets faced exposure, totaling over $5 million. Nevertheless, as of 24 August, a considerable risk remained, with at least $2.8 million remaining susceptible, accounting for 0.42% of the total locked value (TVL).
Balancer warned their users, talking about the status of their funds across several pools.
The funds in the labeled 'mitigated' pools were categorized as safe. Whereas the pools called 'at risk' were, as the name implied, at risk. Therefore, users were encouraged to leave to more safe pools or activate fund withdrawals.
Balancer joins an already infamous list of DeFi firms breached in 2023.
Blockchain security firm PeckShield announced that $480 million was stolen from DeFi projects in H1 2023. According to the report, the attacks mostly came in the form of logic bugs, oracle manipulation, and privilege exposure.
Logic errors are simply blunders the developer makes when coding a smart contract. The mistakes can be consequential if hackers utilize them to redirect funds.
Oracle manipulation involves modifying the quality and speed of incoming data to impact a smart contract's decisionss.
Although the figures are lower than the ones recorded last year, they are still quite significant.
Admittedly, there is a notable improvement in reducing the funds lost to DeFi hacks. In fact, on many occasions, some stolen funds eventually end up being recovered by the companies.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information but will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.