Balancer Exploited Days after Asking Users to Withdraw Funds

Reading Time: 2 minutes
  • DeFi protocol Balancer has been exploited a few days after warning of a vulnerability in some of its liquidity pools
  • The platform lost nearly $900,000 and has acknowledged the exploit asking users to withdraw funds from compromised pools
  • The vulnerability warning saw users withdraw $100 million leaving roughly $10 million at risk

DeFi platform Balancer has suffered an exploit less than a week after disclosing a vulnerability in some of its liquidity pools. The security breach saw approximately $900,000 siphoned from the protocol with Balancer asking users of the affected pools to withdraw any remaining funds. The vulnerability warning last week saw users withdraw $100 million leaving $10 million at risk with Balancer saying that it’s impossible to pause affected pools, making it possible for the malicious actors to steal more funds.

Affected Pools Can’t be Paused

According to a blockchain sleuth Meier Dolev, the exploiter siphoned DAI coins worth more than $890,000 from the platform. Acknowledging the incident, Balancer revealed that it has erected “mitigation measures” but advised users to remove any remaining funds from the compromised pools saying that it’s unable to temporarily halt activities on these pools.

In its earlier warning, Balancer said that the vulnerability affected assets on eight chains including Arbitrum, Ethereum, Fantom and Polygon, adding that only 4% of its total value locked (TVL) was at risk.

Security Still an Issue

The exploit comes roughly three years after Balancer suffered a hack that drained roughly $500,000 from the platform in June 2020. It also comes at a time when even respected blockchain-focused projects are experiencing security breaches.

Atomic Wallet’s security, for example, was recently breached by the North Korean hacking group Lazarus which pocketed over $100 million. Curve Finance is also reeling from an exploit on its pools that leveraged a weakness on some versions of the Vyper programming language.

With millions of dollars still locked in the DeFi platform, losses from the exploit may reach millions of dollars.