Original Title: "Long-established DeFi Falls: Balancer V2 Contract Vulnerability, Over $116 Million in Assets Stolen"
Original Author: Wenser, Odaily Planet Daily
Note from Rhythm: Today, the DeFi protocol Balancer was attacked by hackers, with the amount of stolen funds exceeding $116 million. Multiple projects have taken self-rescue measures: Lido has withdrawn its unaffected Balancer positions; Berachain has directly announced a network suspension for an emergency hard fork to fix vulnerabilities related to Balancer V2 on BEX. Additionally, Hasu, Strategic Director of Flashbots and Strategic Advisor to Lido, stated, "Balancer v2 launched in 2021 and has since become one of the most watched and frequently forked smart contracts. This is very concerning. Whenever a contract that has been live for so long is attacked, it (naturally) sets back the adoption process of DeFi by 6 to 12 months." Below is the original content:
On November 3, the long-established DeFi protocol Balancer was reported to have over $70 million in assets stolen. Subsequently, this news was confirmed by multiple parties, and the amount of stolen funds continued to rise. As of the time of writing, the amount of stolen assets from Balancer has increased to over $116 million. Odaily Planet Daily will provide a brief analysis of this matter in this article.
Details of the Balancer Theft: Losses Exceeding $116 Million, Mainly Due to V2 Pool Smart Contract Vulnerability
According to on-chain information, the amount of funds stolen by the Balancer attacker has currently exceeded $116 million, with the main stolen assets including WETH, wstETH, osETH, frxETH, rsETH, and rETH, distributed across multiple chains such as ETH, Base, and Sonic, among which:
- Stolen assets on the Ethereum chain: nearly $100 million;
- Stolen assets on the Arbitrum chain: nearly $8 million;
- Stolen assets on the Base chain: nearly $3.95 million;
- Stolen assets on the Sonic chain: over $3.4 million;
- Stolen assets on the Optimism chain: nearly $1.57 million;
- Stolen assets on the Polygon chain: around $230,000.
Crypto KOL Adi stated that preliminary investigations show that the attack primarily targeted Balancer's V2 vault and liquidity pools, exploiting vulnerabilities in smart contract interactions. On-chain investigators pointed out that a maliciously deployed contract manipulated the Vault call during the liquidity pool initialization. Incorrect authorization and callback handling allowed the attacker to bypass protective measures, enabling unauthorized swaps or balance manipulations between interconnected liquidity pools, resulting in rapid asset theft within minutes.
Based on existing information, there is no evidence of private key leakage; this is purely a smart contract vulnerability.
Kebabsec auditor and Citrea developer @okkothejawa also stated, "The check error mentioned by @moo9000 may not be the root cause, as in all 'manageUserBalance' calls, ops.sender == msg.sender. The security vulnerability may have occurred in transactions prior to the creation of the contract for withdrawing assets, as it led to some state changes in the Balancer vault."
The Balancer official team also responded, stating: "The official team is aware of the potential vulnerabilities affecting Balancer v2 pools. Our engineering and security teams are prioritizing the investigation. We will share verified updates and follow-up steps as soon as we have more information."
Berachain, which faces potential asset damage risks, also responded promptly. After the Berachain Foundation's announcement, Berachain founder Smokey The Bera stated, "The Bera node group has proactively suspended the public chain operation to prevent the Balancer vulnerability from affecting BEX (mainly the USDe three pools).
- Let the Ethena team disable the Bera bridge
- Disable/pause USDe deposits in the lending market
- Suspend HONEY token minting and exchanges
- Communicate with CEXs to ensure the hacker's address is blacklisted
Our goal is to recover funds as soon as possible and ensure the safety of all LPs. The Berachain team will release binaries to relevant node validators and service providers as soon as they are ready (since this pool contains non-native assets, it involves some slot reconstruction, not just modifying Bera token balances)."
For more on-chain information about the Balancer attacker, see: https://intel.arkm.com/explorer/entity/cd756cb8-6a84-4f40-9361-f6c548544430
The Most Anxious People After the Balancer Theft Are Crypto Whales
As a long-established DeFi protocol, Balancer's users are undoubtedly the most directly affected by this theft incident. For current users, the actions they can take include:
- Withdraw funds from the Balancer v2 pool to avoid further losses;
- Revoke authorizations: Use Revoke, DeBank, or Etherscan to cancel the smart contract permissions of the Balancer address to avoid potential security risks;
- Stay alert: Closely monitor the next moves of the Balancer attacker and whether it will have a cascading effect on other DeFi protocols.
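The "revoke authorizations" step above amounts to sending approve(spender, 0) for every token the affected contract may still pull from a wallet. The following is an added example, not code from the original article or from Balancer, showing what a revocation tool does under the hood offline: it builds the ERC-20 calldata for checking and cancelling an allowance and plans which approvals to cancel from a snapshot of allowance() results. All token, owner and spender addresses in it are constructed placeholders, not real contract addresses.

```python
# Added example (not from the original article or from Balancer): offline
# helper for the "revoke authorizations" step. Addresses are placeholders.

# Standard ERC-20 function selectors (first four bytes of keccak256 of the
# signature). Hardcoded because hashlib provides SHA3-256, which is not
# Keccak-256.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")    # approve(address,uint256)
ALLOWANCE_SELECTOR = bytes.fromhex("dd62ed3e")  # allowance(address,address)

UINT256_MAX = (1 << 256) - 1


def _encode_address(addr: str) -> bytes:
    """ABI-encode a 20-byte hex address as a left-padded 32-byte word."""
    hexpart = addr[2:] if addr.lower().startswith("0x") else addr
    if len(hexpart) != 40:
        raise ValueError(f"not a 20-byte address: {addr}")
    return bytes(12) + bytes.fromhex(hexpart)


def _encode_uint256(value: int) -> bytes:
    """ABI-encode an unsigned integer as a big-endian 32-byte word."""
    if not 0 <= value <= UINT256_MAX:
        raise ValueError("value out of uint256 range")
    return value.to_bytes(32, "big")


def encode_allowance_call(owner: str, spender: str) -> str:
    """Calldata for allowance(owner, spender): a read-only check of how much
    the spender may still move out of the owner's balance."""
    data = ALLOWANCE_SELECTOR + _encode_address(owner) + _encode_address(spender)
    return "0x" + data.hex()


def decode_uint256(return_data: str) -> int:
    """Decode the single uint256 word that allowance() returns."""
    hexpart = return_data[2:] if return_data.lower().startswith("0x") else return_data
    raw = bytes.fromhex(hexpart)
    if len(raw) != 32:
        raise ValueError("expected exactly one 32-byte word")
    return int.from_bytes(raw, "big")


def encode_revoke_call(spender: str) -> str:
    """Calldata for approve(spender, 0): revoking is an approval of zero."""
    data = APPROVE_SELECTOR + _encode_address(spender) + _encode_uint256(0)
    return "0x" + data.hex()


def plan_revocations(allowances, spenders_to_revoke):
    """allowances: iterable of (token, spender, decoded allowance) triples,
    e.g. gathered by calling allowance() for each token a wallet holds.
    Returns (token, spender, calldata, is_unlimited) for every non-zero
    allowance granted to one of the spenders being revoked; unlimited
    approvals are flagged because they expose the whole balance."""
    targets = {s.lower() for s in spenders_to_revoke}
    plan = []
    for token, spender, amount in allowances:
        if spender.lower() in targets and amount > 0:
            plan.append((token, spender, encode_revoke_call(spender),
                         amount == UINT256_MAX))
    return plan


# Constructed sample snapshot with placeholder addresses; the allowance
# values are what decode_uint256() would return for each allowance() call.
VAULT = "0x" + "aa" * 20       # placeholder for the vault being revoked
OTHER = "0x" + "bb" * 20       # an unrelated spender that must be left alone
WETH = "0x" + "01" * 20        # placeholder token addresses
WSTETH = "0x" + "02" * 20
SAMPLE_ALLOWANCES = [
    (WETH, VAULT, UINT256_MAX),     # unlimited approval: revoke
    (WSTETH, VAULT, 5 * 10**18),    # bounded approval: revoke
    (WSTETH, OTHER, 10**18),        # different spender: keep
    (WETH, VAULT.upper(), 0),       # already zero: nothing to do
]

if __name__ == "__main__":
    for token, spender, calldata, unlimited in plan_revocations(SAMPLE_ALLOWANCES, [VAULT]):
        print(f"send to {token}: {calldata}  (unlimited={unlimited})")
```

A revocation only stops future transferFrom calls by that spender; it does not return anything already moved, so the withdrawal step comes first. After each approve(spender, 0) is mined, re-running the allowance() query and decoding the result to zero is the confirmation that the approval is actually gone.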
Additionally, a crypto whale that had been dormant for three years attracted market attention during this theft incident.
According to LookonChain monitoring, a dormant crypto whale 0x0090 has just awakened after the Balancer platform vulnerability occurred, eager to withdraw its $6.5 million in related assets from Balancer. On-chain information can be found here: https://intel.arkm.com/explorer/address/0x009023dA14A3C9f448B75f33cEb9291c21373bD8
Subsequent Developments: Hackers Begin Token Exchange Mode
According to on-chain analyst Yu Jin's monitoring, the hacker involved in the Balancer theft has begun attempting to exchange various liquid staking tokens (LST) for ETH. Previously, they exchanged 10 osETH for 10.55 ETH.
On-chain information shows that the hacker is continuously exchanging stolen assets across multiple chains for ETH, USDC, and other assets through Cow Protocol. Currently, the hope of recovering these stolen assets seems quite slim.

Moving forward, whether Balancer can promptly identify the protocol contract vulnerabilities and quickly recover the stolen assets or provide corresponding solutions will be closely followed by Odaily Planet Daily.
Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the platform's staff will verify it.
