Original title: Old DeFi Falls: Balancer V2 Contract Gap, Over $110 million Asset Stolen
Original by Wenser, Odaily Daily Planet
On 3 November, the old DeFi Accord Balancer was stolen from over $7 million. Subsequently, the information was confirmed by multiple sources and the scale of the stolen funds continued to rise. At the time of writing, Balancer ' s stolen assets had increased to over $116 million. The Odaily Daily Planet will briefly analyse the matter in this paper。
Balancer Stolen Details: Lost over $116 million, mainly due to v2 pool smart contract leaks
According to the chain information, Balancer attackers have now surpassed $116 million in the scale of the theft, with the main stolen assets including WETH, wstETH, OsETH, frxETH, rsETH, rETH, distributed over multiple chains such as ETH, Base, Sonic:
· stolen assets on the taifung chain: around $100 million
Stolen assets in the · Arbitrum chain: nearly $8 million
Stolen assets in the · Base chain: nearly $3.95 million
Stolen assets in the · Sonic chain: over $3.4 million
Stolen assets in the · Optimism chain: nearly US$ 1.57 million
Stolen assets in the · Polygon chain: around $230,000。
The encrypted KOL Adi communication indicates that the preliminary investigation revealed that the attack targeted mainly the V2 vault and the mobility pool of Balancer, using loopholes in the interaction of smart contracts. The chain investigators noted that a maliciously deployed contract manipulated Vault during the initialization of the mobility pool. Improper delegation of authority and recall has enabled the attackers to bypass protective measures, allowing unauthorized Swap exchange or balance manipulation between the interlocking mobility pool, thereby quickly stealing assets within minutes。
According to the information available, there is no private key leak, which is a purely intelligent contractual loophole。
The auditing agency, kebabsec Auditor, Citrea Developer, @okkothejawa, also wrote that "(the inspection error referred to in @moo9000) may not be fundamental, because in all `manageUserBalance' calls ops.sender = = msg.sender. The security gap may have occurred in transactions prior to the creation of the contract for the extraction of assets, as it resulted in some changes in the status of the Balancer vault. I don't know
Balancer also responded to the public: "The official team is aware of the potential loopholes affecting the Balancer v2 pool. Our engineering and security team is giving high priority to the investigation. We will share verified updates and subsequent steps as soon as more information is available. I don't know
Berachain, who is at risk of potential asset damage, responded first. Following a communication from the Berachain Foundation, the founder of the Berachain Foundation, Smokey The Bera, has stated to the outside world that "the Bera node group has voluntarily suspended the operation of the public chain to prevent interference with the Balancer loophole in the BEX (mainly the USDe 3 pool)。
& Middot; Disable the Bera Bridge for the Ethena team
& Middot; Ban/ Pause USDe Deposits on Loan Markets
· Pause HONEY token foundry and exchange
· communicates with CEX etc. to ensure that hacker addresses are blacklisted
Our goal is to recover the funds and ensure the safety of all LPs as soon as possible. The Berachain team will issue binary documents to the relevant node certifiers and service providers as soon as they are ready (as the pool contains non-native assets, it involves, for example, the reconstruction of some slots, not just the modification of Bera token balances). I don't know
Balancer attacker chain details: https://intel.arkm.com/explorer/entity/cd756cb8-6a84-4f40-9361-f6c54544430
Balancer was stolen, and the most nervous was the encrypted whale
As an old DeFi protocol, Balancer's user was undoubtedly the most directly affected by the theft, and for current users, the following could be done:
& Middot; Withdrawal of funds from Balancer v2 pool to avoid increased losses
& Middot; Revoke, DeBank or Etherscan remove smart contract privileges from the Balancer address to avoid potential security risks
& Middot; Keep an eye on the next steps of the Balancer attackers and whether there will be a ripple effect on other DeFi agreements。
In addition, there was a three-year-old encrypted whale that attracted market attention。
According to Lokoon Chain, a 3-year-slept encrypted whale, 0x0090, has just woken up after the Balancer platform gap, eager to extract its $6.5 million related assets from Balancer. For information on the chain, see https://intel.arkm.com/explorer/adcess/0x009023dA14A3C9f448B75f33cEb9291c21373bD8
Follow-up progress: hacking into currency exchange patterns
According to the chain analyst's after-effect monitoring, hackers of the Balancer theft have begun to try to convert many mobile coins (LSTs) into ETHs, which had previously converted 10 osETHs into 10.55 ETHs。
The chain information indicates that hackers are continuously converting stolen assets along multiple chains to assets such as ETH, USDC, through Cow Protocol. At present, there is little hope for recovery of these stolen assets。
Following this, whether Balancer will be able to identify contractual gaps in a timely manner and recover stolen assets or provide corresponding solutions as soon as possible will be followed up by the Daily Daily Daily Odaily。