Decentralized finance (DeFi) liquidity provider Balancer Pool was caught off guard by a SOPHISTICATED smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols.
It had fallen victim to a sophisticated hack that exploited a loophole, tricking the protocol into releasing $500,000 worth of tokens. It's definitely a worst nightmare for Balancer, especially since it is quite a new DeFi platform to have suffered such a loss.
The attacker had borrowed $23 million worth of WETH tokens, an ether-backed token suitable for DeFi trading, in a flash loan from dYdX. They then traded, against themselves, with Statera (STA), an investment token that uses a transfer fee model and burns 1% of its value every time it’s traded.
The attacker went between WETH and STA 24 times, draining the STA liquidity pool until the balance was next to nothing. Because Balancer thought it had the same amount of STA, it released WETH that equated to the original balance, giving the attacker a larger margin for every trade completed.
The hacker’s identity remains a mystery.
The hacker had covered their tracks well: The ether used to pay transaction fees and deploy smart contracts was laundered through Tornado Cash, an Ethereum-based mixer service.
At press time, CoinGecko data shows BAL tokens trading at the $11 mark, down about 5% in the past 24 hours.
IS DEFI STILL YOUR FIRST CHOICE?
ARE YOUR YIELD FARMING TOKENS CURRENTLY IN A SAFE PLACE?
WILL IT HAPPEN TO OTHER DEFI PLATFORMS AS WELL?
PLAN FOR YOUR OWN RISK! NEVER GO ALL-IN ON A PLATFORM.