According to the latest on-chain analysis, the transactions of the attacker behind the $116 million Balancer hack point to a sophisticated actor and extensive preparation that may have taken months and left no traces.
The decentralized exchange (DEX) and automated market maker (AMM) Balancer was attacked on Monday, resulting in a loss of approximately $116 million in digital assets.
Blockchain data shows that the attacker carefully funded their account with small deposits of 0.1 Ether (ETH) from the cryptocurrency mixer Tornado Cash to avoid detection. Coinbase board member Conor Grogan stated that the attacker had stored at least 100 ETH in the Tornado Cash smart contract, indicating a possible connection to previous hacks.
"The hacker seems experienced: 1. Funded the account with 100 ETH and 0.1 Tornado Cash deposits. No operational security leaks," Grogan said in a post on X on Monday. "Since there have been no Tornado deposits of 100 ETH recently, the attacker likely had funds stored there from previous attacks."
Grogan noted that users rarely store such large amounts in privacy mixers, further indicating the professionalism of the attacker.
Balancer has offered a 20% white hat bounty to the attacker, provided that the stolen funds are fully returned (minus the reward) by Wednesday.
"Our team is working with leading security researchers to understand the issue and will share more findings and a complete post-mortem analysis as soon as possible," Balancer wrote in its latest update on X on Monday.
According to Deddy Lavid, co-founder and CEO of blockchain security company Cyvers, the Balancer attack is "one of the most sophisticated attacks we've seen this year":
Lavid stated that this attack shows that static code audits are no longer sufficient. Instead, he called for ongoing real-time monitoring to flag suspicious flows before funds are depleted.
The notorious North Korean Lazarus Group is also known for extensive preparations before its largest-scale hacks.
According to data from blockchain analysis firm Chainalysis, despite a surge in attacks earlier this year, illegal activities associated with North Korean cyber actors sharply declined after July 1, 2024.
According to Eric Jardine, head of cybercrime research at Chainalysis, the significant slowdown before the Bybit hack indicates that the state-sponsored hacking organization is "reconvening to select new targets."
"The slowdown we are observing may be a reconvening to select new targets, probing infrastructure, or possibly related to those geopolitical events," he told Cointelegraph.
Cointelegraph reported on March 4 that the Lazarus Group took 10 days to launder 100% of the stolen Bybit funds through the decentralized cross-chain protocol THORChain.
Original article: “Balancer Hack Shows Signs of Skilled Attacker's Months of Preparation”