Security Flaw in Balancer Pools Leads to Massive $450K Crypto Hack
- Automated market maker protocol Balancer lost over $450,000 in a hacking incident on Sunday.
- The firm’s co-founder and CTO, Mike McDonald, confirmed that hackers drained at least two of their pools that contained deflationary tokens STA and STONK.
- He admitted that hackers exploited security vulnerabilities in those tokens to trick their pools into selling them Ether, WBTC, LINK, and SNX at cheaper rates.
Two pools on Balancer, an automated market maker protocol, lost more than $450,000 to a hacking incident that mainly attacked deflationary tokens.
Mike McDonald, the co-founder & CTO of Balancer, confirmed in a Medium post on Sunday that hackers launched the attack in two installments. The first one took place at 0603 UTC, while the other happened about 30 minutes later at 0649 UTC.
Both the attacks exploited STA and STONK, deflationary tokens with 1 percent transfer fees.
Anatomy of the Attack
As Mr. McDonald noted, the attackers designed a special smart contract that could perform multiple actions in a single transaction.
At first step, they secured a loan of 104,000 WETH from the dYdX crypto lending platform. Then they swapped the amount for STA tokens back and forth 24 times. Each transaction drained 1 percent of the STA fund from the Balancer’s pool.
So on every transaction, Balancer received less and less STA tokens as fees.
The pool did not detect the drainage due to its own limitations. DEX aggregator 1inch wrote in its Medium post that Balancer does not record the number of STA burnt after a transaction. It only keeps a tab on the token transfer.
Eventually, the STA balance on the pool declined to 1 weiSTA, an equivalent of 0.000000000000000001 STA. That led Balancer to rebalance its pool by automatically transferring the value of other tokens, including Ether, WBTC, LINK, and SNX, to STA.
How to make money exploiting DeFi protocols: do it all in one transaction ?
The attacker involved in today’s exploit also used @TornadoCash to fund their initial wallet which shows that DeFi attackers are getting more sophisticated and creative. pic.twitter.com/tOX7e214tN
— Anthony Sassano | sassal.eth ?? (@sassal0x) June 29, 2020
The re-balancing made other tokens cheaper to purchase. Hackers exploited the event to swap their STA tokens for others, eventually draining 601.3 ETH (~$135K), 11.36 WBTC (~$103.5K), 22,593 LINK (~$103K), and 60,915 SNX (~$111k) from the pool. That amounted to nearly $452,000.
Mr. McDonald admitted that they were not aware of the nature of the attack, but clarified that they had earlier warned the community about vulnerabilities in deflationary tokens. At the same time, he confirmed concrete developments to mitigate the said risks.
“We will begin adding transfer fee tokens to the UI blacklist similarly to what we have done for no bool transfer tokens,” wrote Mr. McDonald. “Note that these lists will be non-exhaustive and any new tokens can be added to Balancer at any point.”
Not The First Crypto Exploit
The Balancer hack marked a fifth-of-its-kind attack on open-source protocols. The biggest heist among them took place in April 2020 after hackers drained $25 million out of the dForce protocol. Nevertheless, the attackers returned the funds for unknown reasons.
On the other hand, lending protocol bZx lost over $1 million in two consecutive hacking attempts in February 2020.
Source: Read Full Article