Oops, I did it again! Third and fourth hack on Balancer pools



Yesterday, June 29th, two of the multi-token pools on DeFi platform Balancer were drained of ~$450,000. The attacker conducted the attack in two separate flashloan transactions by draining one liquidity pool until close to zero. The firm's co-founder and CTO, Mike McDonald, confirmed that hackers drained at least two of their pools that contained the deflationary tokens STA and STONK. He admitted that hackers exploited security vulnerabilities in those tokens to trick their pools into selling them Ether, WBTC, LINK, and SNX, with a total loss of 601.3 ETH, 11.36 WBTC, 22,593 LINK, and 60,915 SNX, totalling around $450,000. Did they know about this on the 5th of May and not believe it possible at the time because it involved a colossal amount of gas? It is not like the hackers are not rich enough to pay their own fees, right? Bonus point: guess who is trying to shift the blame onto the crypto instead of taking care of their vulnerabilities.

As we know, there is huge competition now in the DeFi space, especially between the tokens involved in yield farming. But there is no easy profit, and there are risks involved. My man here pointed this out from the beginning:

In a later report from Balancer, they announced they will compensate any user losing his/her tokens. Details about all this will be published later this week.

But, surprisingly, this happened again on 30.06.2020, even if on a smaller scale. Apparently, at 1.39 PM, someone used a dYdX flashloan (again) and drained unclaimed COMP in several Balancer pools, making 10.8 ETH profit in the process. You would think that once they found out that this exploit can be used for any coin, on any pool, they would pause the protocol in order to prevent further incidents. They didn't. In my opinion the solution is simple, even if time-consuming. They should introduce a temporary 24-hour delay on withdrawals and manually approve them, at least until they find a solution. Another great example of a company caring more about the brand image than the solution. Now they really need to step up, in my opinion.

Any future DeFi project should study this issue and learn how to avoid future problems. Now that the cat is out of the bag, more pools will be under black-hat hackers' scrutiny. Some state-sponsored hacker groups will probably enjoy the free money. And they have the power and the numbers to pose a real danger to the future of DeFi.

Read the CoinTelegraph article for the technical analysis of the hack. 

 

 

Be careful, very careful; in the end it is your money we are talking about!

G.

 

 


 

 


Heruvim78

I am a writer, gamer, healthcare professional. I am.


Crypto - I tested it, so you didn't need to...