Decentralized finance protocol Balancer was exploited for nearly $900,000 on Sunday, a few days after a critical vulnerability was reported affecting a number of V2 pools.
Blockchain security expert Meier Dolev revealed the identity of the hacker who exploited the vulnerability.
The hacker’s Ethereum address came under scrutiny as it received two notable transfers of Dai (DAI) stablecoins, totaling $636,812 and $257,527, respectively. After these two transactions the balance on the address reached $893,978.
Balancer Protocol Alerted of a Critical Vulnerability
The Balancer protocol team had earlier issued a warning about a critical vulnerability affecting its boosted pools on August 22.
The team behind the protocol had advised users to withdraw funds from liquidity providers (LPs) and temporarily pause affected pools to minimize potential damages.
These vulnerable assets were spread across various networks, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM.
Upon the discovery of the vulnerability, a mere 1.4% of Balancer’s total assets faced exposure, equivalent to over $5 million.
Even as of August 24, a significant portion of approximately $2.8 million (0.42% of total value locked) was still susceptible to risk.
In an effort to minimize the risk, Balancer told its users that while funds in the mitigated pools were deemed secure, prompt migration to safe pools or withdrawal was strongly recommended.
Pools unable to undergo mitigation were duly labeled as ‘at risk’, urging LPs to exit such pools without delay.
The recent breach served as a reminder of the challenges DeFi platforms continue to face in terms of security and risk management.
Despite the protocol’s best efforts to mitigate the impact of the vulnerability, the exploit highlighted the importance of constant vigilance and the need for users to remain proactive in safeguarding their assets.
Earlier this month Exactly Protocol was exploited for over $12 million in a series of DeFi hacks that continue to plague the industry.