Original Title: "Old DeFi Protocol Falls: Balancer V2 Contract Vulnerability Leads to Over $116 Million in Assets Stolen"

Original Author: Wenser, Odaily Planet Daily

On November 3, the well-established DeFi protocol Balancer was reported to have over $70 million in assets stolen. This news was subsequently confirmed by multiple sources, and the scale of the stolen funds continued to rise. As of the time of writing, the amount of stolen assets from Balancer has increased to over $116 million. Odaily Planet Daily will provide a brief analysis of this incident in this article.

Details of the Balancer Theft: Losses Exceeding $116 Million, Primarily Due to V2 Pool Smart Contract Vulnerability

According to on-chain information, the scale of funds stolen by the Balancer attacker has now surpassed $116 million, with the main stolen assets including WETH, wstETH, osETH, frxETH, rsETH, and rETH, distributed across multiple chains such as ETH, Base, and Sonic, including:

• Stolen assets on the Ethereum chain: approximately $100 million;
• Stolen assets on the Arbitrum chain: approximately $8 million;
• Stolen assets on the Base chain: approximately $3.95 million;
• Stolen assets on the Sonic chain: over $3.4 million;
• Stolen assets on the Optimism chain: approximately $1.57 million;
• Stolen assets on the Polygon chain: around $230,000.

Crypto KOL Adi stated that preliminary investigations show that the attack primarily targeted Balancer's V2 vault and liquidity pools, exploiting vulnerabilities in smart contract interactions. On-chain investigators pointed out that a maliciously deployed contract manipulated the Vault call during the liquidity pool initialization. Incorrect authorization and callback handling allowed the attacker to bypass protective measures, enabling unauthorized swaps or balance manipulations between interconnected liquidity pools, resulting in rapid asset theft within minutes.

Based on the current information, there is no evidence of private key leakage; this is purely a smart contract vulnerability.

Kebabsec audit firm auditor and citrea developer @okkothejawa also stated, "The check error mentioned by @moo9000 may not be the root cause, as in all 'manageUserBalance' calls, ops.sender == msg.sender. The security vulnerability may have occurred in the transaction prior to the creation of the contract for withdrawing assets, as it led to some state changes in the Balancer vault."

The Balancer team also responded, stating: "The official team is aware of the potential vulnerability affecting the Balancer v2 pool. Our engineering and security teams are prioritizing the investigation. We will share verified updates and next steps as soon as we have more information."

Berachain, which has potential asset damage risks, also responded promptly. After the Berachain Foundation's announcement, Berachain founder Smokey The Bera stated, "The Bera node group has proactively suspended the public chain operation to prevent the Balancer vulnerability from affecting BEX (mainly the USDe three pools).

• Let the Ethena team disable the Bera bridge
• Disable/pause USDe deposits in the lending market
• Suspend HONEY token minting and exchanges
• Communicate with CEX and others to ensure the hacker's address is blacklisted

Our goal is to recover funds as soon as possible and ensure the safety of all LPs. The Berachain team will release binaries to relevant node validators and service providers as soon as they are ready (since the pool contains non-native assets, this involves some slot reconstruction, not just modifying the Bera token balance)."

For detailed on-chain information about the Balancer attacker, see: https://intel.arkm.com/explorer/entity/cd756cb8-6a84-4f40-9361-f6c548544430

Balancer Theft: The Most Anxious Are Crypto Whales

As a well-established DeFi protocol, Balancer's users are undoubtedly the most directly affected by this theft incident. For current users, the actions they can take include:

• Withdrawing funds from the Balancer v2 pool to avoid further losses;
• Revoking authorizations: Use Revoke, DeBank, or Etherscan to cancel the smart contract permissions of the Balancer address to avoid potential security risks;
• Staying alert: Closely monitor the next moves of the Balancer attacker and whether it will have a cascading effect on other DeFi protocols.

Additionally, a sleeping crypto whale that had been dormant for three years has attracted market attention during this theft incident.

According to LookonChain monitoring, a dormant crypto whale, 0x0090, just awakened after the Balancer platform vulnerability occurred, eager to withdraw its $6.5 million in related assets from Balancer. On-chain information can be found at: https://intel.arkm.com/explorer/address/0x009023dA14A3C9f448B75f33cEb9291c21373bD8

Follow-up Developments: Hackers Begin Token Exchange Mode

According to on-chain analyst Yu Jin's monitoring, the hacker involved in the Balancer theft has begun attempting to exchange various liquid staking tokens (LST) for ETH. Previously, they exchanged 10 osETH for 10.55 ETH.

On-chain information shows that the hacker is continuously exchanging stolen assets across multiple chains for ETH, USDC, and other assets through Cow Protocol. Currently, the hope of recovering these stolen assets seems quite slim.

In the future, whether Balancer can promptly identify the protocol contract vulnerability and quickly recover the stolen assets or provide corresponding solutions will be continuously followed by Odaily Planet Daily.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。