Discover how Balancer, a popular Ethereum automated market maker protocol, responded to an unauthorized outflow of funds following a vulnerability alert.
Learn about the impact of this incident and the essential steps taken to mitigate future risks.
On August 27th, Balancer, the Ethereum-based automated market maker and decentralized finance protocol, announced an unauthorized outflow of about $900,000.
This disclosure came after Balancer had recently reported vulnerabilities affecting several of their pools.
The Ethereum address believed to be behind this attack was revealed by blockchain security expert Meier Drev.
Following the attack, this address received two transfers of the stablecoin DAI totaling $893,978 ($636,812 and $257,527, respectively).
Balancer's team released a statement on the platform X, emphasizing that while their recent mitigation measures significantly reduced risks, they couldn't temporarily halt the affected pools.
They further advised, "To prevent further unauthorized usage, users should withdraw their funds from affected liquidity providers."
Initial Vulnerability Exposure and Its Implications
Balancer first disclosed a critical vulnerability concerning their pools on August 22nd.
The risk covered assets deployed across multiple platforms, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM.
On the day the vulnerability was detected, 1.4% of Balancer's total assets, approximately $5 million, were exposed to risk.
By August 24th, it was understood that $2.8 million, or 0.42% of the total assets, remained at risk. Balancer urged its users, "Pools where measures have been taken are considered safe.
However, we strongly recommend a swift transition to safe pools or withdrawal. Pools that couldn't be secured are marked 'at risk,' and users invested in these pools should immediately exit."