
Balancer, a DeFi platform that provides non-custodial portfolio management, liquidity, and price sensor services, was hacked for around $450,000 on June 29.

How it happened

The Balancer hacker had an in-depth understanding of several DeFi platforms and used their knowledge of those platforms to conduct a hack with several moving parts. According to a blog post from Balancer CTO Mike McDonald, the hacker:

– took out a FlashLoan of 104k WETH from dYdX.

– used the funds from the FlashLoan to swap WETH for STA token on Balancer 24 times back and forth. Every time the attacker swapped WETH to STA, the Balancer Pool received 1% less STA than was expected.

– After doing this 24 times, the attacker called gulp(), which syncs the internal pool accounting of a token balance to the actual balance as stored in the token tracker contract.

– Because the attacker drained the balance of STA close to zero, its price relative to the other tokens was extremely high, and the attacker used the STA to swap for other assets in the pool for an extremely low price.

Ultimately, this method allowed the hacker to steal 601.3 ETH ($134,114), 11.36 WBTC ($103,319), 2,593 LINK ($101,442), and 60,915 SNX ($110,865)—equal to roughly $449,740 at the time of writing.
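The accounting gap behind those steps can be modelled off-chain. The following is an added example, not Balancer's or STA's code: `FeeToken`, `NominalPool`, `DeltaPool` and `drift_after` are hypothetical names, the amounts are constructed, and balance-delta accounting is shown as a common mitigation for fee-on-transfer tokens rather than a fix the article attributes to Balancer.

```python
from dataclasses import dataclass, field
FEE_BPS = 100  # 1% transfer fee, the shortfall the article describes for STA

@dataclass
class FeeToken:
    """Constructed fee-on-transfer ledger; a model, not the STA contract."""
    balances: dict = field(default_factory=dict)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        fee = amount * FEE_BPS // 10_000  # burned, never reaches dst
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - fee

class NominalPool:
    """Records the amount the sender asked to transfer (the flawed pattern)."""
    name = "nominal_pool"

    def __init__(self, token):
        self.token, self.recorded = token, 0

    def actual(self):
        return self.token.balances.get(self.name, 0)

    def deposit(self, sender, amount):
        self.token.transfer(sender, self.name, amount)
        self.recorded += amount

    def gulp(self):
        # Like the gulp() described above: overwrite the record with the real balance.
        self.recorded = self.actual()

class DeltaPool(NominalPool):
    """Records only what actually arrived (balance-delta accounting)."""
    name = "delta_pool"

    def deposit(self, sender, amount):
        before = self.actual()
        self.token.transfer(sender, self.name, amount)
        self.recorded += self.actual() - before

def drift_after(pool_cls, rounds=24, amount=1_000):
    """Return (recorded - actual) after `rounds` deposits of `amount`."""
    token = FeeToken({"trader": rounds * amount})
    pool = pool_cls(token)
    for _ in range(rounds):
        pool.deposit("trader", amount)
    return pool.recorded - pool.actual()
```

A non-zero result from `drift_after` is the invariant violation worth alerting on: the pool's recorded balance should never exceed what the token contract reports for it.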

Did Balancer know of this flaw?

According to some individuals, Balancer Protocol was aware of this vulnerability. Twitter user @Hex_Capital claims to have made Balancer Protocol aware of the flaw on May 6.

Hex_Capital says they submitted this bug to Balancer Protocol’s bug bounty program, but that Balancer refused to acknowledge the bug and pay Hex_Capital their bounty reward. 

Hex_Capital goes on to say that this is a major problem in the digital currency community today: companies are releasing bounty programs but ignoring the bugs submitted to them and refusing to pay out the individual or team that discovered the flaw. 

DeFi is a prime target

This year, DeFi platforms have been a prime target for hackers. Individuals with a deep understanding of DeFi platforms are using their knowledge to exploit flaws in the platforms that allow them to make off with significant amounts of money. Earlier this year, DeFi platforms bZx and dForce were hacked for hundreds of thousands and millions of dollars, respectively. 

Given the recent increase in retail and institutional interest in DeFi, as well as the capital flowing into it, there’s a good chance that more DeFi exploits will occur before the end of the year.
