Balancer, a popular crypto lending platform on Ethereum (ETH), was attacked again this week. It is curious that the decentralized crypto exchange DEX itself issued a warning about active hackers just last week. On August 22 it reported Twitter account from Balancer that there are a number of so-called critical security vulnerabilities Liquidity Pools and advised users to withdraw their cryptocurrencies from these pools immediately.
$1 million stolen on the Ethereum platform
Nevertheless, a few days after the announcement, a hacker struck and exploited the vulnerabilities in the balancer. On Sunday, Balancer announced that the DEX was the target of a nearly $1 million theft.
According to blockchain security firm Beosin, the hacker used so-called flash loan attacks. These attacks give hackers access to credit within the DeFi platform. This allowed the burglar to manipulate the liquidity pools on balancers and withdraw large amounts. After the hacker stole the funds from different liquidity pools, the loan amount was repaid in the same transaction.
Meir Dolev of cybersecurity firm Cyvers reports that the hacker used an Ethereum wallet to siphon off the huge amount. As of Sunday, the hacker transferred a mega amount of no less than $979,240 in stablecoins DAI to the wallet.
The attacker continues his operation, about $900,000 affected, more than $600,000 has been moved to this address
0xB23711b9D92C0f1c7b211c4E2DC69791c2df38c1 pic.twitter.com/inNqH4zel2— Meir Dolev (@Meir_Dv) August 27, 2023
DeFi is regularly targeted by crypto hackers
Several analysts from Blocksec, also a blockchain security company, point out that the pools under attack have already been listed by the Balancer team. So it appears that despite Balancer’s warning, many users have not withdrawn their funds from the vulnerable pools.
The DeFi world is often the target of these types of attacks. Due to the complexity of this crypto industry and because it is still a relatively young sector, hackers regularly find vulnerabilities in the underlying code, which they are happy to exploit. Recently, Curve (CRV), a similar DeFi lending platform, was the target of such an attack. Then even $40 million in cryptocurrencies were stolen.