Ethereum AMM Balancer Exploited for Roughly $900k Following Vulnerability Warning

Ethereum automated market maker (AMM) Balancer, has put out an official disclosure to confirm that it had been exploited for approximately $900,000 (USD). The news comes just days after the decentralized finance protocol highlighted a vulnerability affecting several of its pools.

Blockchain security expert Meier Dolev identified an Ethereum address believed to belong to the alleged attacker. Subsequent to the exploit, this address received two transfers of the Dai (DAI) stablecoin, amounting to $636,812 and $257,527 respectively.

According to Dolev, the account affected over $893,978 in balance.

Through a statement on the social platform X, formerly known as Twitter, the Balancer team acknowledged the situation. They stated, “Balancer is aware of an exploit related to the vulnerability below.” Although they had implemented mitigation measures that significantly lowered the associated risks, they were unable to halt the affected pools. As a precautionary measure, the team urged users to withdraw from the compromised liquidity providers (LPs).

The attacker continues with his operation, approx $900K affected, more than $600K moved to this address
0xB23711b9D92C0f1c7b211c4E2DC69791c2df38c1 pic.twitter.com/inNqH4zel2

— Meir Dolev (@Meir_Dv) August 27, 2023

Previously, on August 22, Balancer had reported a critical vulnerability impacting its boosted pools. The platform had implored users to remove their funds from LPs and initiated a pause on pools to minimize potential harm. Assets that were under threat spanned various platforms including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM (from Polygon).

Upon the revelation of the vulnerability, merely 1.4% or over $5 million of Balancer's entire assets were at jeopardy. However, by August 24, an estimated $2.8 million, which constitutes 0.42% of its total value locked, was still exposed. The platform had issued a warning on X, advising its users:

“We believe funds in the mitigated pools (labeled ‘mitigated’) are safe, but still strongly recommend timely migration to safe pools, or withdrawal. Pools that were unable to be fortified are marked ’at risk’. If you participate as an LP in any of these pools, it is advised to exit immediately.”

Balancer had transitioned to the Optimism network in June the previous year with the intent of amplifying user functionality and diminishing transaction costs.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.