CryptoPotato

    Rising DeFi Protocol Balancer Loses $500,000 To Hacker In Pool Exploit (Updated)

    Author: Mandy Williams

    Last Updated Jan 31, 2021 @ 14:00

    The Decentralized Finance (DeFi) ecosystem has once again come under attack as a decentralized automated market maker exchange suffered losses close to half a million dollars yesterday.

    Balancer Lost $500k In Pool Vulnerability

    DeFi project Balancer has lost about $500,000 worth of multiple tokens to a hacker due to a vulnerability in two of Balancer’s pools. News about the hack emerged on social media on Sunday evening, but Balancer did not issue an official report until this morning.

    According to the report, the attacker only stole funds from two pools containing STA and STONK, which are known as “deflationary tokens” or tokens with “transfer fees.” Balancer claims the vulnerability only affects pools “where a token has these transfer fees.”

    A Similar Pattern

    The perpetrator used a method similar to ones used against other DeFi protocols in the past. He used Tornado Cash to obtain the initial funds, which he used to deploy smart contracts and conduct the attack. This way, he was able to hide the source of his ETH, DEX aggregator 1inch explained.

    Using the smart contracts, he obtained a flash loan of 104K ETH (approx. $23.2 million) from decentralized lending protocol dYdX and converted it to WETH, an Ether-pegged stablecoin. After that, he started trading WETH and STA continuously in increasing quantities.

    As reported, STA charges a transfer fee on each trade, while the pool expects to receive the full amount, without the fee deducted. Balancer further explained that “after enough calls, the attacker calls gulp() which syncs the internal pool accounting of a token balance to the actual balance stored in the token tracker contract.”

    Since the pool’s STA balance was then almost nothing, STA’s value relative to the other tokens was extremely high. This allowed the hacker to drain funds by swapping STA for other cryptocurrencies in the pool, including ETH, WBTC, LINK, and SNX.
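
    The accounting gap described above, as an added example that is not Balancer's code and not from the original article: a toy equal-weight two-token pool (constant product, no swap fee) with a constructed 1% transfer-fee token, comparing accounting that trusts the requested amount against accounting that credits only the measured balance change. Pool sizes, the fee rate and all names are assumptions.

```python
from dataclasses import dataclass, field

FEE_BPS = 100  # constructed value: 1% burned on every transfer of the fee token

def fee_token_received(amount):
    """Amount that actually arrives after the token burns its transfer fee."""
    return amount - amount * FEE_BPS // 10_000

@dataclass
class Pool:
    """Toy equal-weight two-token pool (constant product), integer units."""
    measure_delta: bool  # True = credit only what arrived (hardened)
    recorded: dict = field(default_factory=lambda: {"STA": 1_000_000, "WETH": 1_000_000})
    actual: dict = field(default_factory=lambda: {"STA": 1_000_000, "WETH": 1_000_000})

    def swap_in(self, token_in, token_out, amount_in):
        arrived = fee_token_received(amount_in) if token_in == "STA" else amount_in
        self.actual[token_in] += arrived
        # Vulnerable path trusts the caller's figure; hardened path credits
        # and prices only what really arrived.
        credited = arrived if self.measure_delta else amount_in
        out = self.recorded[token_out] * credited // (self.recorded[token_in] + credited)
        self.recorded[token_in] += credited
        self.recorded[token_out] -= out
        self.actual[token_out] -= out
        return out

    def gulp(self, token):
        """Sync internal accounting to the real token balance."""
        self.recorded[token] = self.actual[token]

    def drift(self, token):
        """Monitoring invariant: recorded balance must never exceed actual."""
        return self.recorded[token] - self.actual[token]

def round_trips(pool, n, size):
    """Trade WETH -> STA -> WETH n times; return the STA accounting drift."""
    for _ in range(n):
        sta_out = pool.swap_in("WETH", "STA", size)
        # The trader receives sta_out minus the fee, then sends it all back.
        pool.swap_in("STA", "WETH", fee_token_received(sta_out))
    return pool.drift("STA")

if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "vulnerable", round_trips(Pool(hardened), 5, 100_000))
```

    With the vulnerable accounting, every STA deposit leaves the recorded balance above the real one, and gulp() then pulls the recorded balance down in a single step, which is the sudden price shift the article describes.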

    After completing his mission, the attacker quickly repaid the $104K flash loan to dYdX, and the stolen funds were transferred to unknown addresses.

    Balancer’s Fault?

    In its update, Balancer claimed it was not aware that this type of attack was possible. However, a Twitter user argued that the hacker was able to exploit the vulnerability because Balancer Labs refused to acknowledge the detailed attack vector report, which he submitted to the project during its bug bounty program in May.

    Responding to the tweet, Mike McDonald, the co-founder and CTO of Balancer, said the submitted bug report covered issues they were already aware of, so they warned about the unintended effects that ERC20 tokens with transfer fees could have on the network.

    4th Largest DeFi Project

    Despite the attack, Balancer is now the fourth largest DeFi project on Ethereum with over $116 million worth of ETH locked in the protocol, which is almost a 100% increase in one week.

    Balancer launched its governance token BAL on June 23. Following the launch, BAL’s price recorded more than 200% growth, moving from $6.65 to $22.28 in one day.

    Update: 

    The team behind Balancer has decided to reimburse the liquidity providers who lost funds.

    After thorough discussions with the community, the Balancer Labs team decided that it will fully reimburse all the liquidity providers who lost funds in the attack of yesterday. We will also pay out the highest bug bounty available for @Hex_Capital

    More details on the…

    — Balancer Labs (@BalancerLabs) June 29, 2020
