In a black day for Decentralized Finance (DeFi), two Balancer pools were drained of at least $500,000 on June 28 through an exploit that took advantage of the deflationary properties of the Statera (STA) token, the 1inch.exchange team's investigation report concluded. Balancer Labs announced that it will fully reimburse users for all losses and pay a bounty to the white hat hacker, @Hex_Capital, who had reported this exact attack vector to the Balancer Bug Bounty on May 06.
After thorough discussions with the community, the Balancer Labs team decided that it will fully reimburse all the liquidity providers who lost funds in the attack of yesterday. We will also pay out the highest bug bounty available for @Hex_Capital
More details on the… — Balancer Labs (@BalancerLabs) June 29, 2020
The hacker executed a complex transaction on the blockchain to attack the Balancer pools and got away with at least $425,000 worth of tokens: 455 WETH ($100K worth), 2.4M STA ($100K worth, later converted to 109 WETH worth $25K), 11.36 WBTC ($100K worth), 60.9K SNX ($100K worth) and 22.6K LINK ($100K worth).
3/ I submitted this exact attack vector to Balancer Labs’ Bug Bounty program 53 days earlier on May 6. At the time, only $250 of user funds were at risk. My medium post includes my full, unedited bug bounty submission. — Hex Capital (@Hex_Capital) June 29, 2020
4/ Today, Balancer announced they would cover all user losses in this hack and would pay out the highest-level bug bounty for my submission. Kudos to the team for making the right decision here! 👏 https://t.co/hhn0JuXDNi — Hex Capital (@Hex_Capital) June 29, 2020
Balancer Pools Attack Details
A total of two Balancer pools were attacked using similar complex transactions. A smart contract was used to automate multiple actions in a single transaction. After taking a flash loan of 104K WETH from dYdX, the attacker swapped WETH to STA and back 24 times, draining the pool's STA balance down to an extremely small 1 weiSTA. This was possible because the Balancer pool keeps its own record of token balances, while the deflationary characteristics of the STA token (a 1% transfer fee deducted from the receiving address) cause transfer() and transferFrom() to deliver less than the requested amount.
Every time a swap was executed, the Balancer pool received 1% less STA than it had recorded. Next, the attacker converted 1 weiSTA to WETH multiple times. Due to the STA token's transfer fee implementation, the pool never received the STA but released WETH nonetheless.
The WBTC, SNX and LINK balances were drained from the pool in the same manner. The attacker then repaid the flash loan and rapidly increased his share in the Balancer pool by depositing a few weiSTAs. Lastly, the attacker used Uniswap V2 to convert the collected Balancer pool tokens to 136K STA, before converting the STA to 109 WETH again.
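The accounting mismatch described above, as an added example that is not Balancer's or Statera's code: a toy fee-on-transfer token next to a pool that credits the amount it was told to expect (the defect) and a pool that credits only the observed balance change (the usual mitigation), plus the recorded-versus-actual invariant a monitor can watch. The fee rounding up to at least 1 wei is an assumption chosen to match the article's statement that a 1 weiSTA transfer delivers nothing; all balances are constructed.

```python
# Added example (not Balancer's or Statera's code): a toy fee-on-transfer
# token next to two pool accounting styles. The fee is rounded up to at least
# 1 wei, an assumption chosen to match the article's statement that a 1 weiSTA
# transfer delivers nothing to the pool. All balances are constructed.
POOL, TRADER = "pool", "trader"

class FeeOnTransferToken:
    def __init__(self, fee_bps=100):          # 1% fee, charged to the receiver
        self.fee_bps, self.balances = fee_bps, {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, receiver, amount):
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        fee = -(-amount * self.fee_bps // 10_000)  # ceiling: 1 wei -> fee 1
        self.balances[sender] -= amount
        self.balances[receiver] = self.balance_of(receiver) + amount - fee
        return amount - fee                          # what actually arrived

class TrustingPool:
    """Defective accounting: credits the amount the caller claims to send."""
    def __init__(self, token, seed):
        self.token, self.recorded = token, seed
        token.balances[POOL] = seed

    def deposit(self, amount):
        self.token.transfer(TRADER, POOL, amount)
        self.recorded += amount

class DeltaPool(TrustingPool):
    """Hardened accounting: credits only the observed balance change."""
    def deposit(self, amount):
        before = self.token.balance_of(POOL)
        self.token.transfer(TRADER, POOL, amount)
        self.recorded += self.token.balance_of(POOL) - before

def accounting_gap(pool):
    # Invariant a monitor can check on-chain or from an indexer: recorded
    # balance minus actual balance. Anything above zero is phantom liquidity
    # the pool will price swaps against.
    return pool.recorded - pool.token.balance_of(POOL)

def run_scenario(pool_cls, deposits=(10_000,) * 24 + (1,) * 5):
    token = FeeOnTransferToken()
    token.balances[TRADER] = sum(deposits)
    pool = pool_cls(token, seed=1_000_000)
    for amount in deposits:
        pool.deposit(amount)
    return accounting_gap(pool)
```

With the default scenario the trusting pool ends 2,405 wei ahead of what it actually holds (100 per large deposit, 1 per 1-wei deposit), while the delta pool's gap stays at zero.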
The stolen funds were transferred to 0xbf675c80540111a310b06e1482f9127ef4e7469a.
1inch.exchange Comments On the Hacker
The investigation report by the 1inch team concluded that “The person behind this attack was a very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols.”
It was further stated that the attack was well organized and prepared. The hacker also used funds obtained through the Ethereum transaction mixer Tornado Cash to hide the initial source of the funds used to pay for the attack and to remove any trace leading up to him.
Balancer Pool Rectification Measures To Prevent Such Attacks
In its official post, the Balancer Labs team stated that “Balancer is a permission-less protocol and broken or malicious tokens will always be able to be added at the contract level”. However, it will begin adding transfer-fee tokens to the UI blacklist and adding more documentation to better inform users of the protocol's risks. The Balancer protocol will also undergo a third audit to review security risks.
About Balancer Pools
Balancer is a non-custodial portfolio manager, automated liquidity provider and price sensor. Balancer pools are programmable automated market makers (AMMs) with certain key properties that allow them to act as self-balancing weighted portfolios, similar to an index fund. However, instead of paying fees to portfolio managers to rebalance portfolios, the same role is undertaken by arbitrageurs, who pay fees to the pools while making arbitrage profits.