On Monday, well-known decentralized exchange (DEX) Balancer announced it had been targeted the previous day, losing nearly $1 million. The hack came five days after the developers behind the project revealed a “serious vulnerability.” At the time, Balancer requested the DEX’s liquidity providers to remove their assets from the vulnerable pools.
Yesterday, the developers acknowledged the exploit, citing the vulnerability as the main cause.
Meanwhile, the founder of crypto security company Cyvers, Meir Dolev, has identified the Ethereum address of the hacker. Dolev says the exploiter’s address received three DAI transfers totaling roughly $985,789.
The third transfer was made on Monday morning, two hours after Balancer informed users of the exploit on X. Dolev believes the hacker is not done with attacking the protocol.
How Balancer Hacker Executed the Attack
In a long thread, Beosin blockchain security company explained that the hacker executed the exploit through several flash loan attacks. Such attacks happen when an exploiter borrows huge amounts of funds from a Decentralized Finance platform and then manipulates affected pools using the borrowed funds to steal funds from those pools.
Meanwhile, another blockchain security company, BlockSec, discovered that the amount of funds the hacker stole was higher than the figure mentioned by the Balance team on August 25. Last week, the DEX developers said the money that was exposed to the exploit amounted to about $565,000. However, recent reports suggest the attacker has so far made away with nearly $1 million.
BlockSec analysts say the gap in the token valuations could have been due to low liquidity. Nonetheless, they confirmed that the affected pools were those mentioned by Balancer’s developers a few days ago. Last Thursday, the DEX reported that only its boosted pools created on 8 blockchains were vulnerable to attacks.
For starters, a boosted pool is a liquidity pool that amplifies the returns for investors by lending liquidity to other decentralized finance protocols like Aave.
Balancer is still urging liquidity providers to withdraw their funds from pools, claiming it is the only way to keep the money safe. The DEX has provided a special user interface for users to remove their crypto assets as it tries to block the attacker from accessing the pools.
SureTradeGroup.com is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. Some of the content on this site is paid content that is not written or posted by our writers or editors and the opinions expressed do not reflect the opinions of this website. Any disagreement you may have with brands or companies mentioned in articles will need to be taken care of directly with those specific brands and companies. The responsibility of anyone who may click links in our articles and ultimately sign up for that product or service is their own. Forex, Stocks, Cryptocurrencies, NFTs and Dogital Tokens are all a high-risk asset, investing in them can lead to losses. Readers should do their own research before taking any action.