Hacker Drains Over $450,000 from Balancer Pools

Hackers siphoned more than $450,000 in deflationary tokens on Monday from two multi-token pools on Balancer, an automated market maker protocol.

Two separate transactions were made within 45 minutes to exploit the STA and STONK pools with transfer fees.

First, the attacker received $23 million in flash loan from dYdX and then converted them to WETH, then started to repeatedly convert WETH to STA and vice versa for 24 times. With 1 percent transaction on each trade, almost all the STA balance in the pool was drained with only 0.000000000000000001 STA remaining.

According to the Blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp Read this Term data, the attacker drained a total of around $452,000 in digital currencies - 601.3 ETH worth around $134,800; 11.36 WBTC valued at $103,500; 22,593 LINK worth $102,800; and 60,915 SNX worth around $110,900.

In an official statement, Balancer said that the protocol developers were not aware of the possibility of any such attacks.

“This is explicitly why STA was not included in the BAL mining whitelist that was recently put together,” the official Medium post read. “The system is designed for compliant ERC20’s and when tokens behave unintended ways, bad things can happen. Balancer is a permission-less protocol and broken or malicious tokens will always be able to be added at the contract level.”

A sophisticated Smart Contract Smart Contract A smart contract is a piece of software that automatically executes a pre-determined set of actions when a certain set of criteria or met. One of the key tenets of smart contracts is their ability to perform credible transactions without third parties and are self-executing, with their conditions written into the lines of code that form themAdditionally, these transactions are both trackable and irreversible. For example, a smart contract could be used to give royalty payouts to a musical artist A smart contract is a piece of software that automatically executes a pre-determined set of actions when a certain set of criteria or met. One of the key tenets of smart contracts is their ability to perform credible transactions without third parties and are self-executing, with their conditions written into the lines of code that form themAdditionally, these transactions are both trackable and irreversible. For example, a smart contract could be used to give royalty payouts to a musical artist Read this Term engineer

DEX Aggregator 1inch in a post stated that the hacker “very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols.”

The DeFi ecosystems saw exponential growth recently, with a total locked-in value of around $1.63 billion in various platforms, according to DeFi Pulse. But attacks on such platforms also increased. bZx and dForce, two leading DeFi platforms were attacked earlier this year, showing the vulnerability of these platforms.

These platforms are also vulnerably to sharp market movement as one almost collapsed the Maker protocol.