Ethereum automated market maker and decentralized finance protocol Balancer was exploited for nearly $900,000, the protocol confirmed on X (formerly Twitter) on Aug. 27, just days after disclosing a vulnerability that affected several pools.
An Ethereum address allegedly belonging to the attacker has been revealed by blockchain security expert Meier Dolev. Following the exploit, the address received two transfers of Dai (DAI) stablecoin worth $636,812 and $257,527, respectively, bringing its total balance to over $893,978.
"Balancer is aware of an exploit related to the vulnerability below," the protocol's team posted on X, adding that while mitigation measures taken in recent days had drastically reduced risks, affected pools could not be paused. "To prevent further exploits, users must withdraw from affected LPs," it advised.
Balancer is aware of an exploit related to the vulnerability below.
Mitigation procedures have drastically reduced risks, but are unable to pause affected pools.
To prevent further exploits, users must withdraw from affected LPs.https://t.co/PDzX32gqeS https://t.co/b4CSqVFbDg
Balancer first disclosed a critical vulnerability affecting its boosted pools on Aug. 22, urging users to withdraw funds from liquidity providers (LPs) and pausing pools to mitigate potential damage. At risk were assets deployed on Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM.
On the day of the vulnerability discovery, only 1.4% of its total assets were at risk, representing over $5 million worth of asset exposure. On Aug. 24, at least $2.8 million, or 0.42% of its total value locked (TVL), were still at risk. Balancer warned its users on X:
The protocol was deployed on the Optimism network in June
Read more on cointelegraph.com