The developers of the decentralized finance (DeFi) protocol Balancer, built on the Ethereum blockchain, said that attackers attacked their v2 pools and caused losses of $128 million. How did they do it?
The developers of the decentralized finance (DeFi) protocol Balancer, built on the Ethereum blockchain, said that attackers attacked their v2 pools and caused losses of $128 million. How did they do it?
Balancer provides flexible pools with custom token combinations, allowing users to deposit assets, earn commissions, and enable traders to exchange assets. The protocol is governed by the BAL token, which had a market cap of $65 million just before the incident, Bleeping Computer reports .
Balancer asked users to be cautious about potential scams or phishing attempts.
The company confirmed that its V2 Compostable Stable Pools were affected by the attack, which did not affect other Balancer pools, including the V3.
«Our team is working with leading security researchers to understand the root of the problem,» Balancer said.
The Balancer V2 exploit is reported to have arisen due to a precision rounding error in Vault exchange calculations.
Each exchange operation rounded down the token amounts, creating small discrepancies that an attacker could exploit repeatedly. By chaining multiple exchanges through the batchSwap function, these rounding losses led to significant price distortion.
However, some users attribute the hack to improper authorization and callback handling within Balancer V2 repositories.
