The Balancer code issue resulted in losses exceeding $100 million, dealing a near-devastating blow to the DeFi industry.

链捕手
16 hours ago

Original Title: "Old DeFi Protocol Falls: Balancer V2 Contract Vulnerability, Over $116 Million in Assets Stolen"
Original Author: Wenser, Odaily Planet Daily

Note: Today, the DeFi protocol Balancer was attacked by hackers, with the amount of stolen funds exceeding $116 million. Multiple projects have taken self-rescue measures: Lido has withdrawn its unaffected Balancer positions; Berachain has directly announced a network suspension for an emergency hard fork to fix vulnerabilities related to Balancer V2 on BEX.

In addition, Hasu, Strategic Director of Flashbots and Strategic Advisor to Lido, stated, "Balancer V2 went live in 2021 and has since become one of the most watched and frequently forked smart contracts. This is very concerning. Every time a contract that has been live for so long is attacked, it sets back the adoption process of DeFi by 6 to 12 months."

The following is the original content:

On November 3, the long-established DeFi protocol Balancer was reported to have had over $70 million in assets stolen. The news was subsequently confirmed by multiple parties, and the figure continued to rise. As of the time of writing, the value of assets stolen from Balancer has grown to over $116 million. This article provides a brief analysis of the incident.

Details of the Balancer Theft: Losses Exceeding $116 Million, Mainly Due to V2 Pool Smart Contract Vulnerability

According to on-chain data, the funds stolen by the Balancer attacker now exceed $116 million. The main stolen assets include WETH, wstETH, osETH, frxETH, rsETH, and rETH, spread across Ethereum, Arbitrum, Base, Sonic, Optimism, and Polygon:

  • Stolen assets on Ethereum: nearly $100 million;
  • Stolen assets on Arbitrum: nearly $8 million;
  • Stolen assets on Base: nearly $3.95 million;
  • Stolen assets on Sonic: over $3.4 million;
  • Stolen assets on Optimism: nearly $1.57 million;
  • Stolen assets on Polygon: around $230,000.

Crypto KOL Adi stated that preliminary investigations show that the attack primarily targeted Balancer's V2 vault and liquidity pools, exploiting vulnerabilities in smart contract interactions. On-chain investigators pointed out that a maliciously deployed contract manipulated the Vault call during the liquidity pool initialization. Incorrect authorization and callback handling allowed the attacker to bypass protective measures, enabling unauthorized swaps or balance manipulations between interconnected liquidity pools, resulting in rapid asset theft within minutes.

On the information available so far, there is no evidence of a private-key leak; this is purely a smart-contract vulnerability.

@okkothejawa, an auditor at the audit firm Kebabsec and a Citrea developer, also stated: "The check error mentioned by @moo9000 may not be the root cause, as in all 'manageUserBalance' calls, ops.sender == msg.sender. The security vulnerability may have occurred in transactions prior to the creation of the contract for withdrawing assets, as it led to some state changes in the Balancer vault."

The Balancer official team also responded, stating: "The official team is aware of the potential vulnerabilities affecting the Balancer V2 pool. Our engineering and security teams are prioritizing the investigation. We will share verified updates and follow-up steps as soon as we have more information."

Berachain, which faces potential asset damage risks, also responded promptly. After the Berachain Foundation's announcement, Berachain founder Smokey The Bera stated, "The Bera node group has proactively suspended the public chain operation to prevent the Balancer vulnerability from affecting BEX (mainly the USDe three pools).

  • Instruct the Ethena team to disable the Bera bridge
  • Disable/pause USDe deposits in the lending market
  • Suspend HONEY token minting and exchanges
  • Communicate with CEXs and others to ensure the hacker's address is blacklisted

Our goal is to recover funds as soon as possible and ensure the safety of all LPs. The Berachain team will release binaries to relevant node validators and service providers as soon as they are ready (since this pool contains non-native assets, it involves some slot reconstruction, not just modifying Bera token balances)."

For detailed on-chain information about the Balancer attacker, see: https://intel.arkm.com/explorer/entity/cd756cb8-6a84-4f40-9361-f6c548544430

The Most Anxious People After the Balancer Theft Are Crypto Whales

As an established DeFi protocol, Balancer's users are undoubtedly the most directly affected by this theft. For current users, the actions they can take include:

  • Withdraw funds from Balancer V2 pools to avoid further losses;
  • Revoke approvals: use Revoke, DeBank, or Etherscan to cancel the ERC-20 token approvals granted to Balancer contract addresses, so that a compromised contract cannot pull further funds from your wallet;
  • Stay alert: closely monitor the Balancer attacker's next moves and whether the incident has a cascading effect on other DeFi protocols.
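What "revoke approvals" means at the contract level, as an added example that is not part of the original article and not Balancer's own code: an ERC-20 approval is stored per (token, owner, spender), revocation tools read the token's `Approval` events (or call `allowance()`) to find live approvals, and revoking is simply sending `approve(spender, 0)` to the token contract. The script below runs that logic over a constructed set of log entries. The owner and token addresses and all log entries are constructed for illustration; the spender constant is the address widely published for the Balancer V2 Vault, which the reader should verify against Balancer's own documentation before relying on it.

```python
"""Find live ERC-20 approvals to a spender and build the calldata that revokes them.

Added example (not from the article or Balancer). Assumes only the standard
ERC-20 interface; log entries mirror the eth_getLogs result shape.
"""
from dataclasses import dataclass

# keccak256 of the event / function signatures, as fixed by the ERC-20 standard
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # Approval(address,address,uint256)
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"  # Transfer(address,address,uint256)
APPROVE_SELECTOR = "095ea7b3"    # approve(address,uint256)
ALLOWANCE_SELECTOR = "dd62ed3e"  # allowance(address,address)
UNLIMITED = 2**256 - 1           # the "infinite approval" value most dApps request

# Published Balancer V2 Vault address (same on every chain); verify before use.
BALANCER_V2_VAULT = "0xBA12222222228d8Ba445958a75a0704d566BF2C8"

# Constructed sample data: a wallet, two placeholder tokens, and an unrelated spender.
OWNER = "0x" + "11" * 20
TOKEN_A = "0x" + "aa" * 20
TOKEN_B = "0x" + "bb" * 20
OTHER_SPENDER = "0x" + "cc" * 20


def _strip0x(h: str) -> str:
    h = h.lower()
    return h[2:] if h.startswith("0x") else h


def _pad_address(addr: str) -> str:
    """ABI-encode an address: 20 bytes left-padded to a 32-byte word."""
    return _strip0x(addr).rjust(64, "0")


def _pad_uint(n: int) -> str:
    return f"{n:064x}"


def _topic(addr: str) -> str:
    """Indexed address arguments appear in topics as 32-byte left-padded words."""
    return "0x" + _pad_address(addr)


def _addr_from_topic(topic: str) -> str:
    return "0x" + _strip0x(topic)[-40:]


# Constructed eth_getLogs-style entries (not real chain data):
#  block 100: OWNER gives the Vault an unlimited approval on TOKEN_A
#  block 110: OWNER approves an unrelated spender on TOKEN_A
#  block 120/130: OWNER approves the Vault on TOKEN_B, then already resets it to 0
#  block 140: a Transfer event, which the parser must ignore
SAMPLE_LOGS = [
    {"address": TOKEN_A, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(BALANCER_V2_VAULT)],
     "data": "0x" + _pad_uint(UNLIMITED), "blockNumber": hex(100)},
    {"address": TOKEN_A, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(OTHER_SPENDER)],
     "data": "0x" + _pad_uint(10**18), "blockNumber": hex(110)},
    {"address": TOKEN_B, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(BALANCER_V2_VAULT)],
     "data": "0x" + _pad_uint(5 * 10**18), "blockNumber": hex(120)},
    {"address": TOKEN_B, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(BALANCER_V2_VAULT)],
     "data": "0x" + _pad_uint(0), "blockNumber": hex(130)},
    {"address": TOKEN_A, "topics": [TRANSFER_TOPIC, _topic(OWNER), _topic(BALANCER_V2_VAULT)],
     "data": "0x" + _pad_uint(1), "blockNumber": hex(140)},
]


@dataclass
class Approval:
    token: str
    owner: str
    spender: str
    amount: int
    block: int


def parse_approval_logs(logs):
    """Latest Approval per (token, owner, spender); a later approve() overwrites an earlier one."""
    latest = {}
    for log in logs:
        topics = log.get("topics", [])
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval event
        a = Approval(token=log["address"].lower(), owner=_addr_from_topic(topics[1]),
                     spender=_addr_from_topic(topics[2]), amount=int(log["data"], 16),
                     block=int(log["blockNumber"], 16))
        key = (a.token, a.owner, a.spender)
        if key not in latest or a.block > latest[key].block:
            latest[key] = a
    return latest


def live_approvals_to(latest, owner, spenders):
    """Approvals from `owner` to any of `spenders` whose remaining allowance is nonzero."""
    spenders = {s.lower() for s in spenders}
    return [a for a in latest.values()
            if a.owner == owner.lower() and a.spender in spenders and a.amount > 0]


def revoke_calldata(spender: str) -> str:
    """ABI-encoded approve(spender, 0): the tx a revocation tool sends to the token contract."""
    return "0x" + APPROVE_SELECTOR + _pad_address(spender) + _pad_uint(0)


def allowance_calldata(owner: str, spender: str) -> str:
    """ABI-encoded allowance(owner, spender) for an eth_call to confirm the on-chain state."""
    return "0x" + ALLOWANCE_SELECTOR + _pad_address(owner) + _pad_address(spender)


def decode_uint256(return_data: str) -> int:
    """Decode the 32-byte word that allowance() returns."""
    return int(return_data, 16)


def find_live_balancer_approvals():
    """Run the sample through the pipeline; returns approvals that still need revoking."""
    return live_approvals_to(parse_approval_logs(SAMPLE_LOGS), OWNER, [BALANCER_V2_VAULT])


if __name__ == "__main__":
    for a in find_live_balancer_approvals():
        label = "UNLIMITED" if a.amount == UNLIMITED else str(a.amount)
        print(f"token {a.token} -> spender {a.spender}: {label}")
        print("  revoke with calldata:", revoke_calldata(a.spender))
```

The parser keys on the event's topic0 and the three-topic layout so that Transfer events and non-standard logs are skipped, and it keeps only the newest approval per (token, owner, spender), which is why the TOKEN_B approval that was already reset to zero does not show up. Against a real node the same calldata goes into `eth_call` (for `allowance`) and into a signed transaction to the token contract (for `approve(spender, 0)`); re-checking `allowance` after the revoke is the confirmation step the article's advice implies.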

Additionally, a sleeping crypto whale that had been dormant for three years has attracted market attention during this theft incident.

According to LookonChain monitoring, a dormant crypto whale, 0x0090, just awakened after the Balancer platform vulnerability occurred, eager to withdraw its $6.5 million in related assets from Balancer. On-chain information can be found at: https://intel.arkm.com/explorer/address/0x009023dA14A3C9f448B75f33cEb9291c21373bD8

Follow-up Developments: The Attacker Begins Swapping the Stolen Tokens

According to monitoring by on-chain analyst Yu Jin, the Balancer attacker has begun swapping various liquid staking tokens (LSTs) for ETH. Earlier, they exchanged 10 osETH for 10.55 ETH.

On-chain data shows the attacker continuously swapping stolen assets across multiple chains into ETH, USDC, and other assets through CoW Protocol. At present, the prospects of recovering these stolen assets look slim.

Moving forward, whether Balancer can promptly identify the protocol contract vulnerabilities and quickly recover the stolen assets or provide corresponding solutions will be closely monitored.
