Balancer Hit By Exploit As $128M Moved From Vaults

It seems like Balancer’s vaults have had an unfortunate encounter with a malicious exploit, resulting in a very generous $128 million disappearing into the void. On-chain data doesn’t lie, and it shows that assets (over $128 million, to be exact) have been transferred out of the protocol’s vaults. Someone’s definitely having a great day.

Oh, and the stolen loot? We’re talking about some heavy-hitters here: osETH, WETH, and wstETH. The thief didn’t just grab a few coins; no, they’re consolidating their treasure, which has raised some concerns about money laundering. Who knew crypto could be so exciting?

Balancer Hit By Exploit

Balancer, your beloved decentralized finance (DeFi) protocol, just got its lunch money stolen. The on-chain data tells a sad story, with over $128 million snatched away and moved to a mysterious new wallet. A quick glance at the stolen funds shows 6,850 osETH, 6,590 WETH, and 4,260 wstETH. The heist targeted Balancer v2’s vaults, which are the heart of the platform, aggregating tokens and facilitating trades between liquidity pools. So yeah, this isn’t just your run-of-the-mill hack.

“We’re aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating with high priority. We’ll share verified updates and next steps as soon as we have more information.”

And if that wasn’t bad enough, vaults across Sonic, Polygon, and Base were also caught up in the chaos. Mikko Ohtamaa, co-founder and CEO of Trading Strategy, made an interesting point: he believes a faulty smart contract might be the root of the problem. The bad news? If the attack used the same vulnerability in older versions of Balancer, things could get a lot worse. And guess what? The attack is still happening, like some kind of digital heist movie unfolding across multiple chains. Grab your popcorn, folks.

How The Attack Unfolded

So, how did this spectacular attack go down? According to the security experts at Decurity, it was all due to a sneaky access control flaw in Balancer’s “manageUserBalance” function. The problem? The _validateUserBalanceOp check, which compares the sender’s address against a user-supplied address, let the attackers slip past the bouncers without so much as a “sorry, wrong door.” This allowed them to make unauthorized withdrawals of internal balances from Balancer’s smart contracts. Smooth, right?

“manageUserBalance in Balancer has a faulty access check. In _validateUserBalanceOp it checks msg.sender against user-supplied op.sender. It allows the execution of UserBalanceOpKind.WITHDRAW_INTERNAL (kind = 1).”

On-chain security experts have already noticed the attacker consolidating the stolen funds, which is raising alarms that they might be preparing to launder the loot through decentralized mixers. Because, of course, that’s how it works in the world of crypto crime.

A Third Exploit

In case you didn’t know, Balancer is a decentralized platform built on Ethereum that lets users trade tokens and provide liquidity using its self-balancing pools. It’s been around since 2020 and holds over $350 million in TVL (Total Value Locked) on Ethereum alone. But, like all good things, it’s not without its setbacks: this is, in fact, the third time Balancer has been hit by an exploit. The first two times were in 2021 and 2023, and both resulted in millions of dollars vanishing into the ether. The moral of the story? Keep an eye on your vaults, folks.

Balancer v2’s vault system was designed to separate token accounting from pool logic, making the pools smaller, simpler, and (supposedly) safer. The idea was to make it easier for anyone to plug in a new pool design without needing to create an entirely new DEX. Apparently, it’s a little too easy for hackers to plug into it, too.

2025-11-04 17:16