Balancer Pools Get Drained Of $500K Through STA Exploit, Team Reimburses

On a black day for Decentralized Finance (DeFi), two Balancer pools were drained of at least $500,000 on June 28 through an exploit that took advantage of the deflationary properties of the Statera (STA) token, the team's investigation report concluded. Balancer Labs announced that it will fully reimburse all user losses and will also pay a bounty to the white-hat researcher @Hex_Capital, who had reported this exact attack vector to the Balancer Bug Bounty on May 06.

After thorough discussions with the community, the Balancer Labs team decided that it will fully reimburse all the liquidity providers who lost funds in the attack of yesterday. We will also pay out the highest bug bounty available for @Hex_Capital

More details on the… — Balancer Labs (@BalancerLabs), June 29, 2020

The attacker executed a complex transaction on the blockchain against the Balancer pools and got away with at least $425,000 worth of tokens: 455 WETH ($100K worth), 2.4M STA ($100K worth, later converted to 109 WETH, $25K worth), 11.36 WBTC ($100K worth), 60.9K SNX ($100K worth) and 22.6K LINK ($100K worth).

3/ I submitted this exact attack vector to Balancer Labs’ Bug Bounty program 53 days earlier on May 6. At the time, only $250 of user funds were at risk. My medium post includes my full, unedited bug bounty submission. — Hex Capital (@Hex_Capital), June 29, 2020

4/ Today, Balancer announced they would cover all user losses in this hack and would pay out the highest-level bug bounty for my submission. Kudos to the team for making the right decision here! 👏 — Hex Capital (@Hex_Capital), June 29, 2020

Balancer Pools Attack Details

A total of 2 Balancer pools were attacked using similar complex transactions. A smart contract was used to automate multiple actions within a single transaction. After taking a flash loan of 104K WETH from dYdX, the attacker swapped WETH to STA and back 24 times to drain the pool's STA balance down to an extremely small amount of 1 weiSTA. This was possible because the Balancer pool keeps its own internal record of token balances, while the deflationary STA token deducts a 1% transfer fee from the amount the receiving address actually gets; the pool's transfer() and transferFrom() accounting therefore no longer matched the real balances.

Every time a swap was executed, the Balancer pool received 1% less STA than its internal ledger recorded. Next, the attacker converted 1 weiSTA to WETH multiple times. Because of the way the STA transfer fee is implemented, the pool never actually received the STA but released WETH nonetheless.

The WBTC, SNX and LINK balances were drained from the pool in the same manner. The attacker then repaid the flash loan and rapidly increased his share in the Balancer pool by depositing a few weiSTA. Finally, the attacker used Uniswap V2 to convert the collected Balancer pool tokens to 136K STA, before converting the STA to 109 WETH.
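The accounting mismatch described above comes down to one line in a pool: crediting its internal ledger with the amount a trader asked to send, rather than the amount the pool's token balance actually grew by. The following Python model is an added example written for this article; it is not Balancer's or Statera's code, and the pool, token names, reserve sizes and the 1% burn are constructed for illustration. It shows the ledger drifting away from the real balance when the pool trusts `amount_in` for a fee-on-transfer token, the same swap with balance-delta accounting (drift stays at zero and the pool pays out less), and a probe of the kind a UI blacklist check could use to flag tokens that charge a fee on transfer.

```python
"""Model of a fee-on-transfer token against a constant-product pool.

Constructed example (not Balancer/Statera code): a 1% burn on every
transfer mirrors the deflationary behaviour the article describes.
"""

FEE_BPS = 100  # 1% burned per transfer, in basis points (constructed)


class DeflationaryToken:
    """ERC-20-style token that burns a fee out of every transfer, so the
    receiver is credited less than the `amount` the sender passed in."""

    def __init__(self, fee_bps):
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, who, amount):
        self.balances[who] = self.balance_of(who) + amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer_from(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000
        self.balances[src] -= amount
        # The receiver only gets amount - fee, yet the call still "succeeds".
        self.balances[dst] = self.balance_of(dst) + amount - fee
        return True


class ConstantProductPool:
    """Two-token x*y=k pool. `records` is the pool's own reserve ledger.
    trust_amount_in=True reproduces the flawed bookkeeping: the ledger is
    credited with what the trader asked to send, not what arrived."""

    def __init__(self, token_a, token_b, reserve, trust_amount_in):
        self.trust_amount_in = trust_amount_in
        self.records = {token_a: reserve, token_b: reserve}
        for token in (token_a, token_b):
            token.mint("pool", reserve)

    def swap_exact_in(self, trader, token_in, amount_in, token_out):
        before = token_in.balance_of("pool")
        token_in.transfer_from(trader, "pool", amount_in)
        received = token_in.balance_of("pool") - before  # what really arrived
        credited = amount_in if self.trust_amount_in else received
        reserve_in, reserve_out = self.records[token_in], self.records[token_out]
        amount_out = reserve_out * credited // (reserve_in + credited)
        self.records[token_in] += credited
        self.records[token_out] -= amount_out
        token_out.transfer_from("pool", trader, amount_out)
        return amount_out

    def ledger_drift(self, token):
        """Recorded reserve minus the pool's real balance; should be 0."""
        return self.records[token] - token.balance_of("pool")


def charges_transfer_fee(token, probe=10_000):
    """Screening probe for a UI blacklist: does a transfer credit the
    receiver with less than was sent? (Hypothetical helper.)"""
    token.mint("probe-src", probe)
    before = token.balance_of("probe-dst")
    token.transfer_from("probe-src", "probe-dst", probe)
    return token.balance_of("probe-dst") - before < probe


def run_swaps(trust_amount_in, swaps):
    """Swap 100_000 STA into a 1M/1M STA-WETH pool `swaps` times and report
    the STA ledger drift and the total WETH the pool paid out."""
    sta = DeflationaryToken(FEE_BPS)
    weth = DeflationaryToken(0)  # plain token, no fee
    sta.mint("trader", 10_000_000)
    pool = ConstantProductPool(sta, weth, 1_000_000, trust_amount_in)
    paid_out = sum(pool.swap_exact_in("trader", sta, 100_000, weth)
                   for _ in range(swaps))
    return {"drift": pool.ledger_drift(sta), "paid_out": paid_out}


if __name__ == "__main__":
    print("trusting amount_in :", run_swaps(True, 3))   # drift grows 1_000/swap
    print("balance-delta      :", run_swaps(False, 3))  # drift stays 0
    print("STA charges fee    :", charges_transfer_fee(DeflationaryToken(FEE_BPS)))
```

With the flawed ledger, every 100,000-STA swap leaves the recorded reserve 1,000 STA above what the pool holds, and the pool prices the swap as if the full amount had arrived. Crediting the measured balance delta instead removes the drift; the probe is the kind of check that can populate the transfer-fee blacklist the team announced.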

The stolen funds were transferred to 0xbf675c80540111a310b06e1482f9127ef4e7469a.

Comments On the Hacker

The investigation report by the 1inch team concluded that “The person behind this attack was very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols.”

It was further stated that the attack was well organized and prepared in advance. The attacker also used funds obtained through the Ethereum transaction mixer Tornado Cash to hide the original source of the funds used to pay for the attack and to remove any trace leading back to him.

Balancer Pool Rectification Measures To Prevent Such Attacks

The Balancer Labs team stated in its official post that “Balancer is a permission-less protocol and broken or malicious tokens will always be able to be added at the contract level”; nevertheless, it will begin adding transfer-fee tokens to the UI blacklist and will add more documentation to better inform users of the protocol's risks. The Balancer protocol will also undergo a third audit to review security risks.

About Balancer Pools

Balancer is a non-custodial portfolio manager, automated liquidity provider and price sensor. Balancer pools are programmable automated market makers (AMMs) with key properties that allow them to act as self-balancing weighted portfolios, similar to an index fund. However, instead of fees being paid to portfolio managers to rebalance the portfolio, that role is taken on by arbitrageurs, who pay fees to the pools while collecting their arbitrage profits.


Posted By

Taha Zafar

Blockchain Expert. DeFi Enthusiast. Skilled in Fundamental Analysis and All Things Crypto.
