According to security firm PeckShield, DeFi protocol Balancer appears to have had an exploit, with an estimated $110 million in assets stolen from its vaults.
Large, odd transfers from Balancer’s “0xBA1…BF2C8” address to an external wallet are seen in Etherscan transaction logs.
The withdrawals, which totalled around 6,587 WETH ($24.5 million), 6,851 osETH ($26.9 million), and 4,260 wstETH (~$19.3 million), indicate that assets worth tens of millions had been removed from the protocol’s vaults.
Also Read: Hypervault Experiences Suspected $3.6 Million Hack, Rugpull?
The exploit
Early onchain signs suggest a possible exploit or unlawful withdrawal rather than a normal liquidity transfer. However, Balancer’s staff has not yet released a comment.
The transactions were also reported as suspicious by a number of blockchain analytics companies, including Nansen.
According to Mikko Ohtamaa, CEO and co-founder of Trading Strategy, preliminary research indicates that a malfunctioning smart contract check is probably the primary problem.
Although not all Balancer versions seem to be impacted, he said in an X(Twitter) discussion that if previous V2 forks had the same vulnerability, damages might exceed $100 million.
The assault is still active on several chains where Balancer is used, and the anticipated losses have already surpassed $110 million, according to onchain analyst Lookonchain.
Details on Balancer
Balancer started operating in 2020, and it claims to have secured $350 million in total value secured solely on Ethereum, spanning self-balancing pools and automated portfolio and management.
“Users can claim compensation for any losses, please verify your wallet transactions if you notice something unusual,” the team stated.
This hack is not the first for Balancer. Dishonest actors exploited approximately $238,000 worth of cryptocurrency during the course of its operations in 2023.
Growing crypto hacks
Recently, in October, a cryptocurrency trader lost over $21 million in cryptocurrency from his wallet on Hyperliquid following a private key breach.
The attacker transferred the money to Ethereum after a recent heist on the Hyperliquid platform. The hacker crossed 17.75 million DAI and 3.11 million MSYRUPUSDP into Ethereum before transferring them further.
Also, after an attacker took advantage of a flaw in one of its smart contracts, Abracadabra, the decentralised finance lending platform that powers the Magic Internet Money stablecoin, lost almost $1.8 million. The attacker was able to remove 1.79 million MIM from the protocol by evading solvency checks.
Also Read: BNB Chain’s Official English X Account Hacked, Hackers Promote Fake Airdrop