The DeFi ecosystem has never been better than last week. The craze was mainly generated by the launch of the COMP and BAL governance tokens. Unfortunately, a hack of Balancer came to tarnish the weekend!
$500,000 in losses
Reports of a potential Balancer hack started circulating on Twitter on Sunday. The rumor was later confirmed by researcher Steven Zheng.
The protocol team subsequently gave details of the attack. According to this publication, the incident took place because of tokens with transfer fees, called "deflationary" tokens.
Once again, it was a flash loan that allowed the attacker to exploit a flaw in the Balancer system. The result: $500,000 of wETH tokens gone.
Details of the attack
As with the successive bZx hacks, this attack was only possible thanks to flash loans, loans that last only for the duration of a single transaction.
The attacker took out a loan in ETH on dYdX, which they converted into wETH. They then exchanged their ETH for Statera (STA) repeatedly (24 times in all).
On each transfer, STA applies a 1% transfer fee (which is destroyed), while the pool expects to receive the amount without this fee deducted. After repeating the operation a large number of times, the attacker finally managed to empty the STA pool.
Once the pool was empty, the STA price was artificially inflated, which allowed the attacker to drain other pools (wBTC, SNX or LINK) in exchange for STA at a grossly overvalued price.
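The accounting mismatch described above, as an added example (a simplified model written for this page, not Balancer's or Statera's code): a pool that credits the amount requested drifts away from the tokens it actually holds, while a pool that credits the measured balance change does not. The names FeeToken, Pool and run, and the amounts used, are assumptions; only the 1% fee and the 24 repetitions come from the article.

```python
FEE_BPS = 100  # 1% transfer fee, destroyed on every transfer (figure from the article)

class FeeToken:
    """Hypothetical minimal fee-on-transfer ("deflationary") token."""
    def __init__(self):
        self.balances = {}

    def mint(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        fee = amount * FEE_BPS // 10_000           # burned, nobody receives it
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount - fee

class Pool:
    """Hypothetical pool keeping an internal balance record used for pricing."""
    def __init__(self, token, measure_received):
        self.token = token
        self.measure_received = measure_received   # False = weak, True = hardened
        self.recorded = 0

    def deposit(self, sender, amount):
        before = self.token.balance_of(self)
        self.token.transfer(sender, self, amount)
        received = self.token.balance_of(self) - before
        # Weak: trust the requested amount. Hardened: credit what actually arrived.
        self.recorded += received if self.measure_received else amount

    def drift(self):
        """Recorded balance minus real balance; anything non-zero is mispricing."""
        return self.recorded - self.token.balance_of(self)

def run(measure_received, transfers=24, amount=1_000):
    # Constructed sample: 24 inbound transfers of 1,000 units each.
    token = FeeToken()
    token.mint("trader", transfers * amount)
    pool = Pool(token, measure_received)
    for _ in range(transfers):
        pool.deposit("trader", amount)
    return pool.recorded, token.balance_of(pool), pool.drift()

if __name__ == "__main__":
    print("weak     (recorded, actual, drift):", run(False))
    print("hardened (recorded, actual, drift):", run(True))
```

A non-zero drift is also a useful monitoring invariant: comparing a pool's recorded balance with the token contract's reported balance flags fee-on-transfer tokens before they are listed.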
As Balancer pointed out, this attack was not carried out by an amateur, but by an expert fully aware of their actions and their consequences:
“The person behind this attack was a very sophisticated and intelligent smart contract engineer with deep knowledge and understanding of the main DeFi protocols. The attack was organized and well prepared in advance.”
Even so, it would seem that the fault lies with Balancer, which had been warned of the flaw in early June as part of its bug bounty. This incident also recalls Vitalik Buterin’s warnings about the lack of communication around the risks of DeFi protocols.