Review of Balancer's historical security incidents, resulting in a loss of 21 million dollars due to flash loans, front-end hijacking, and cross-protocol vulnerabilities
The DeFi protocol Balancer is currently under attack, with losses exceeding $116.6 million across multiple chains, and the attack on Balancer is still ongoing.
According to the on-chain AI analysis tool CoinBob, the historical security incidents of Balancer are as follows:
June 2020 Flash Loan Attack: Attackers exploited a compatibility issue between the deflationary token (STA/STONK) and Balancer's smart contracts, repeatedly calling
swapExactAmountInto drain the liquidity pool, ultimately profiting $523,600.August 2023 V2 Pool Vulnerability: The Balancer V2 pool suffered multiple flash loan attacks due to a code vulnerability, with total losses reaching $2.1 million. The team urgently paused the affected pools and advised users to withdraw their funds, but some funds that were not withdrawn in time were still exploited.
September 2023 Frontend Hijacking Attack: Hackers gained control of Balancer's frontend through BGP/DNS hijacking, tricking users into authorizing malicious contracts, resulting in a loss of $238,000. On-chain detective ZachXBT traced the funds to address 0x645710Af050E26bB96e295bdfB75B4a878088d7E.
2023 Euler Incident Impact: Due to a vulnerability in Euler Finance, Balancer's bbeUSD pool suffered a loss of $11.9 million, accounting for 65% of the pool's TVL. The team took protective measures to limit liquidity withdrawals.
2024 Velocore Attack Association: The Velocore vulnerability exploited Balancer-style CPMM pools, resulting in a loss of $6.8 million. Balancer's technical architecture was indirectly implicated due to cross-protocol integration.
Risk warning Risk warning
