Old-school DeFi falls: Balancer V2 contract vulnerability, over $110 million in assets stolen.


Original|Odaily Planet Daily (@OdailyChina)

Author|Wenser (@wenser 2010)

On November 3, the well-established DeFi protocol Balancer was reported to have over $70 million in assets stolen. This news was subsequently confirmed by multiple parties, and the scale of the stolen funds continued to rise. As of the time of writing, the amount of stolen assets from Balancer has increased to over $116 million. Odaily Planet Daily will provide a brief analysis of this incident in this article.

Details of the Balancer Theft: Losses Exceeding $116 Million, Mainly Due to v2 Pool Smart Contract Vulnerability

According to on-chain information, the scale of funds stolen by the Balancer attacker has currently surpassed $116 million, with the main stolen assets including WETH, wstETH, osETH, frxETH, rsETH, and rETH, distributed across multiple chains such as ETH, Base, and Sonic, including:

  • Stolen assets on the Ethereum chain: nearly $100 million;
  • Stolen assets on the Arbitrum chain: nearly $8 million;
  • Stolen assets on the Base chain: nearly $3.95 million;
  • Stolen assets on the Sonic chain: over $3.4 million;
  • Stolen assets on the Optimism chain: nearly $1.57 million;
  • Stolen assets on the Polygon chain: around $230,000.

Crypto KOL Adi stated that preliminary investigations show that the attack primarily targeted Balancer's V2 vault and liquidity pools, exploiting vulnerabilities in smart contract interactions. On-chain investigators pointed out that a maliciously deployed contract manipulated the Vault call during the liquidity pool initialization. Incorrect authorization and callback handling allowed the attacker to bypass protective measures, enabling unauthorized swaps or balance manipulation between interconnected liquidity pools, resulting in rapid asset theft within minutes.

Based on the current information, there is no evidence of private key leakage; this is purely a smart contract vulnerability.

The Balancer official team also responded stating, “The official team is aware of the potential vulnerabilities affecting Balancer v2 pools. Our engineering and security teams are prioritizing the investigation. We will share verified updates and next steps as soon as more information is available.”

Smokey The Bera, founder of Berachain, stated, “The Bera node group has proactively suspended the public chain operation to prevent the Balancer vulnerability from affecting BEX (mainly the USDe three pools).

  • Instruct the Ethena team to disable the Bera bridging
  • Disable/pause USDe deposits in the lending market
  • Suspend HONEY token minting and exchanges
  • Communicate with CEXs to ensure the hacker's address is blacklisted

Our goal is to recover funds as soon as possible and ensure the safety of all LPs. The Berachain team will release binaries to relevant node validators and service providers as soon as they are ready (since the pool contains non-native assets, this involves some slot reconstruction, not just modifying the Bera token balance).”

For more on-chain information about the Balancer attacker, see: https://intel.arkm.com/explorer/entity/cd756cb8-6a84-4f40-9361-f6c548544430

The Most Anxious People After the Balancer Theft Are Crypto Whales

As a long-established DeFi protocol, Balancer's users are undoubtedly the most directly affected by this theft incident. For current users, the actions they can take include:

  1. Withdraw funds from the Balancer v2 pool to avoid further losses;
  2. Revoke authorizations: Use Revoke, DeBank, or Etherscan to cancel the smart contract permissions of the Balancer address to avoid potential security risks;
  3. Stay alert: Closely monitor the next moves of the Balancer attacker and whether it will cause a chain reaction affecting other DeFi protocols.
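Step 2 above is what tools such as Revoke or Etherscan's token-approval page do under the hood: they read each token's allowance for the protocol's spender address and, where it is non-zero, have the wallet send approve(spender, 0). The following Python is an added example (not code from the article, Balancer, or any of the named tools) that builds that ERC-20 calldata with the standard library only. The 4-byte selectors are the well-known ids of allowance(address,address) and approve(address,uint256); the owner, spender and token addresses in the test are constructed placeholders, not Balancer's real contracts.

```python
# Added example: encode the ERC-20 calls behind "revoke authorizations" and
# decide which tokens actually need a revoke. Pure stdlib, runs offline; the
# returned hex strings are what a wallet would send as eth_call / tx data.

ALLOWANCE_SELECTOR = "dd62ed3e"  # first 4 bytes of keccak256("allowance(address,address)")
APPROVE_SELECTOR = "095ea7b3"    # first 4 bytes of keccak256("approve(address,uint256)")


def _addr_word(addr: str) -> str:
    """Left-pad a 20-byte hex address to one 32-byte ABI word."""
    h = addr.lower().removeprefix("0x")
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a 20-byte hex address: {addr}")
    return h.rjust(64, "0")


def _uint_word(value: int) -> str:
    """Encode a uint256 as one 32-byte ABI word."""
    if not 0 <= value < 2**256:
        raise ValueError("uint256 out of range")
    return f"{value:064x}"


def encode_allowance_call(owner: str, spender: str) -> str:
    """Calldata for eth_call against token.allowance(owner, spender)."""
    return "0x" + ALLOWANCE_SELECTOR + _addr_word(owner) + _addr_word(spender)


def decode_uint256(return_data: str) -> int:
    """Decode the single uint256 word returned by allowance()."""
    h = return_data.removeprefix("0x")
    if len(h) != 64:
        raise ValueError("expected exactly one 32-byte return word")
    return int(h, 16)


def encode_revoke_call(spender: str) -> str:
    """Calldata for token.approve(spender, 0), i.e. revoking the allowance."""
    return "0x" + APPROVE_SELECTOR + _addr_word(spender) + _uint_word(0)


def plan_revocations(allowances: dict, spender: str) -> list:
    """allowances maps token address -> raw return data of allowance(owner, spender).
    Returns (token, calldata) for every token that still grants the spender
    a non-zero allowance; tokens already at zero need no transaction."""
    plan = []
    for token, ret in allowances.items():
        if decode_uint256(ret) > 0:
            plan.append((token, encode_revoke_call(spender)))
    return plan


if __name__ == "__main__":
    # Constructed placeholder addresses, not real deployments.
    owner = "0x" + "11" * 20
    spender = "0x" + "22" * 20
    print(encode_allowance_call(owner, spender))
    # Typical "unlimited" approval: allowance() returns max uint256.
    unlimited = "0x" + "f" * 64
    print(plan_revocations({"0x" + "aa" * 20: unlimited}, spender))
```

The check-before-revoke split matters in practice: an allowance of 2**256-1 (the "unlimited" approval most front-ends request) stays in force until explicitly zeroed, so the allowance query is what tells a user whether a protocol can still pull tokens from their wallet after an incident.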

Additionally, a sleeping crypto whale that had been dormant for three years has attracted market attention during this theft incident.

According to LookonChain monitoring, a dormant crypto whale, 0x0090, just awakened after the Balancer platform vulnerability occurred, eager to withdraw its $6.5 million in related assets from Balancer. On-chain information can be found at: https://intel.arkm.com/explorer/address/0x009023dA14A3C9f448B75f33cEb9291c21373bD8

Subsequent Developments: Hacker Begins Operations

According to monitoring by on-chain analyst Yu Jin, the hacker involved in the Balancer theft has begun attempting to exchange various liquid staking tokens (LSTs) for ETH. Previously, they exchanged 10 osETH for 10.55 ETH.

On-chain information shows that the hacker is continuously exchanging stolen assets across multiple chains for ETH, USDC, and other assets through Cow Protocol. Currently, the hope of recovering these stolen assets seems quite slim.

Moving forward, whether Balancer can promptly identify the protocol contract vulnerabilities and quickly recover the stolen assets or provide corresponding solutions will be closely followed by Odaily Planet Daily.

Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the platform's staff will verify it.
