Ethereum automated market maker Balancer lost nearly $900,000 worth of crypto in an exploit related to a critical vulnerability disclosed last week.
Blockchain security expert Meir Dolev revealed details of the exploiter’s transactions, which took place on Aug. 27. On-chain data shows that the address in question received two transfers of Maker stablecoin DAI, taking his or her total balance to $894,289 at the time of writing.
The attacker continues with his operation, approx $900K affected, more than $600K moved to this address
— Meir Dolev (@Meir_Dv) August 27, 2023
The Balancer team said it would not be able to pause the affected pools despite being aware of the exploit related to the vulnerability. The team urged users to withdraw their funds from affected liquidity pools to prevent further exploits.
Although Balancer’s initial disclosure of the vulnerability led to users quickly withdrawing significant amounts of capital, and brought the affected pool of assets down to just 0.08% of its Total Value Locked, some market participants questioned why the protocol drew attention to the issue in the first place.
Why are protocols disclosing vulnerabilities to the public via Twitter?
This is like asking hackers to come exploit…
Sad to see Balancer affected, but it’s a small amount in the grand scheme of things
The DeFi Wild Wild West continues🤠
— Andy 🦇🔊 (@ayyyeandy) August 27, 2023
The vulnerability affects boosted pools on Mainnet, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom and zkEVM.
Although the Balancer team is yet to release a full post-mortem on the vulnerability, Web3 audit firm Hacken said that the root cause has been identified and the team is working on it.
“But at the moment it is impossible to ensure the complete safety of clients’ funds. To avoid possible losses, withdraw affected LPs immediately,” said Hacken on X.