Balancer Labs, a decentralized finance (DeFi) protocol for programmable liquidity and more, has been exploited by a bad actor who succeeded in stealing over $500k worth of altcoins from its Statera (STA) and STONK (STONK) lending pools, according to reports on June 29, 2020.
Balancer Labs Vulnerability Exploited
While decentralized finance (DeFi) has been touted as the future of finance, due to its promise of providing alternatives to traditional finance and fostering financial inclusivity, the fact remains that DeFi still has a long way to go before achieving complete success, as bad actors have continued to exploit its vulnerabilities in a bid to get rich quick.
In the latest such development, an unknown, sophisticated smart contract engineer has successfully launched an attack on Balancer Labs, stealing more than $500k worth of altcoins from the platform’s Statera (STA) and Stonk (STO) lending pools.
Per sources close to the matter, the bad actor orchestrated the attack by sending two complex transactions to the Ethereum Mainnet within the space of several minutes, draining the two pools.
Specifically, the hacker crafted malicious smart contracts designed to carry out multiple actions within a single transaction and then proceeded to obtain a flash loan of 104k Wrapped Ether (WETH) from the decentralized exchange dYdX.
The WETH tokens were then swapped for STA tokens back and forth 24 times, thereby draining the entire STA balance from the lending pool.
That’s not all. The attacker then swapped the 1 weiSTA to WETH multiple times, taking advantage of the STA implementation to get more WETH from the pool without giving back STA. The hacker repeated the above steps to empty the WBTC, SNX, and LINK tokens in the pool.
Explaining further, DEX aggregator 1inch wrote:
“The attacker repaid the FlashLoan of 104k WETH to dYdX and quickly increased his share at Balancer Pool by depositing a few weiSTA. Then he swapped collected Balance Pool token to 136k STA through Uniswap V2, and then he swapped 136k STA to 109 WETH again.”
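The report attributes the drain to "the STA implementation" without further detail. As an added illustration (not code from Balancer, Statera or 1inch), the constructed Python model below assumes a token that deducts a rounded-up fee on every transfer, and compares a pool that credits the requested amount with one that credits only the balance it actually received. All class and function names are hypothetical.

```python
# Constructed model for illustration; not Balancer or Statera code.
# Assumption: the token deducts a fee (in basis points, rounded up) on transfer.

class FeeOnTransferToken:
    def __init__(self, fee_bps):
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, owner, amount):
        self.balances[owner] = self.balances.get(owner, 0) + amount

    def balance_of(self, owner):
        return self.balances.get(owner, 0)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        fee = -(-amount * self.fee_bps // 10_000)  # ceiling division
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - fee

class Pool:
    def __init__(self, token, name):
        self.token, self.name = token, name
        self.recorded = 0  # internal bookkeeping a pool would price against

    def deposit_trusting_amount(self, sender, amount):
        # Weak form: credits the requested amount, not what arrived.
        self.token.transfer(sender, self.name, amount)
        self.recorded += amount

    def deposit_measuring_delta(self, sender, amount):
        # Hardened form: credits only the observed balance change.
        before = self.token.balance_of(self.name)
        self.token.transfer(sender, self.name, amount)
        self.recorded += self.token.balance_of(self.name) - before

    def drift(self):
        # Monitoring invariant: bookkeeping must equal the real balance.
        return self.recorded - self.token.balance_of(self.name)

def run(deposit_method, amounts, fee_bps=100):
    """Return (recorded, actual, drift) after a series of deposits."""
    token = FeeOnTransferToken(fee_bps)
    token.mint("user", sum(amounts))
    pool = Pool(token, "pool")
    for amount in amounts:
        getattr(pool, deposit_method)("user", amount)
    return pool.recorded, token.balance_of("pool"), pool.drift()
```

A non-zero `drift()` is the condition to alert on or reject: it means the pool is pricing against tokens it does not hold.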
In similar news, BTCManager reported how the bZx lending platform had suffered a massive attack earlier in February 2020, losing 2,378 ETH (about $645,000) to the rogue actors.
Despite the loopholes present in DeFi platforms, demand for decentralized finance has continued to surge, a strong indication that the innovative financial ecosystem has come to stay and will only get better as time goes on.