Just a few days after revealing a security flaw impacting its enhanced pools, the decentralized finance platform Balancer fell victim to an attack. The protocol acknowledged on Aug. 27 through a platform formerly known as Twitter that it had suffered an exploit costing nearly $900,000.
Blockchain security specialist Meier Dolev identified an Ethereum address suspected to belong to the perpetrator. Subsequent to the attack, this address received two separate Dai (DAI) stablecoin transfers, totaling approximately $894,000.
In a public statement on the social media platform, Balancer’s team acknowledged the exploit connected to the previously announced vulnerability. They stated that although recent preventative steps had lessened the danger, the compromised pools couldn’t be halted. They advised users to withdraw from the affected liquidity pools to avoid further loss.
Balancer initially alerted the public to a significant security vulnerability affecting its enhanced pools on Aug. 22. The protocol urged users to remove their funds from liquidity providers and temporarily stopped some pools to limit potential harm. The flaw posed a risk to assets on several blockchains including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM. On the day the vulnerability was identified, assets worth more than $5 million, or 1.4% of total assets, were at risk. By Aug. 24, at least $2.8 million remained vulnerable, constituting 0.42% of the platform’s total value locked (TVL).
In a warning to its user base, Balancer stated: “We believe the funds in pools we’ve secured (marked as ‘mitigated’) are safe. However, we still strongly encourage a timely shift to secure pools or immediate withdrawal. Pools we could not secure are labeled as ‘at risk.’ If you are a liquidity provider in any of these pools, we advise you to exit without delay.”
Balancer expanded its services to the Optimism network in June of the previous year to enhance user experience and decrease transaction costs.