Balancer, an Ethereum automated market maker and decentralized finance protocol, has suffered an exploit resulting in a loss of nearly $900,000. The exploit was confirmed by the protocol on August 27 through a statement on X (formerly known as Twitter). This breach comes shortly After Balancer disclosed a vulnerability affecting multiple mining pools.
Meier Dolev, a blockchain security expert, has identified an Ethereum address allegedly belonging to the attacker. After the breach, the address received transfers in the stablecoin Dai (DAI) totaling $636,812 and $257,527, pushing its balance to over $ 893,978.
The Balancer protocol team acknowledged the vulnerability and mentioned that recent mitigations have significantly reduced the risk, but suspending the affected mining pools is not feasible. They advised users to exit the impacted liquidity providers (LPs) to prevent further exploitation.
The protocol initially disclosed a critical bug related to its boost pool on August 22, urging users to withdraw funds from LPs and suspend the pool to mitigate potential harm. The assets on various networks such as Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis , Fantom, and zkEVM are at risk due to this vulnerability.
During the time of the discovery of the exploit, only 1.4% of the total assets were endangered, representing assets valued at over $5 million. However, by August 24, around $2.8 million (0.42% of the total value locked) were still vulnerable. Balancer is advising its users to migrate to safe pools or withdraw funds from at-risk pools and to act promptly to safeguard their assets.
Deployed on the Optimism network in June, the Balancer protocol aims to enhance user functionality and reduce fees within the decentralized finance space.
