A recent tweet posted on the official social media page X revealed that the decentralized finance (DeFi) market maker Ethereum and the decentralized financial protocol Balancer had been exploited for nearly $900,000 USD. This happened just a few days after a vulnerability affecting the protocol’s pools was disclosed.
The attacker’s Ethereum address was exposed by blockchain security expert Meier Dolev. Following the exploit, this address received two transactions of DAI stablecoin, totaling $636,812 USD and $257,527 USD, respectively, raising its balance to over $893,978 USD.
It’s worth noting that Balancer initially revealed a critical vulnerability impacting enhanced pools on August 22nd. They urged users to withdraw funds from liquidity providers (LPs) and temporarily halt the pools to mitigate potential losses.
The vulnerability affected various asset types deployed on platforms such as Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM.
Upon discovering the security flaw, only 1.4% of its total assets were at risk, equating to assets worth over $5 million USD. By August 24th, at least $2.8 million USD, equivalent to 0.42% of the total locked value (TVL), were still exposed to risk.
Balancer warned users on X:
“We believe funds in affected pools (labeled ‘affected’) are safe, however, we strongly recommend moving to safe pools or withdrawing. Pools that can’t be mitigated will be labeled ‘at risk.’ If you’re an LP in any of these pools, please exit immediately.”
To provide context, Balancer is a DeFi protocol deployed on the Optimism network since June 2022, aiming to enhance user functionality and reduce fees.