New hack against Balancer. A few hours after the first attack that involved the DeFi protocol and led to the loss of almost half a million dollars, a second attack was carried out using the same strategy, this time against the COMP token.
Apparently this happened an hour ago, someone used dydx flashloan (again) and drained unclaimed COMP in several balancer pools, making 10.8 ETH profit in the process. Thread incoming. pic.twitter.com/TeJZZSSycE
— Hao (@frenzy_hao) June 29, 2020
The criminals exploited the same system in combination with flash loans from the dYdX protocol. This allowed them to steal over 10 ETH.
After the first attack, the team had announced that it would reimburse all those who had suffered a loss, in an attempt to limit the damage from yesterday’s attack.
Although this is a small-scale theft, it makes the case even more incredible: apparently the best solution would be to pause the protocol and intervene to prevent another attack, since it has been discovered that this type of mechanism can be exploited for almost all tokens and all the different pools.
This is a bad start to the week for Balancer. In a few hours it lost a lot of funds, which of course reflects on the reputation of the protocol, both because it did not intervene in time and because it failed to protect the funds from a second attack.
Now all eyes are on decentralized finance (DeFi) and a fundamental aspect of it called “composability”, which is the possibility of implementing protocols in other platforms and thus achieving greater efficiency.
Think, for instance, about what it is possible to do using Ethereum (ETH), which is used to generate the stablecoin DAI, which in turn is used to provide liquidity to the various pools, earning interest in return.
However, if these pools are now becoming the main target of attacks, then it is quite clear that DeFi risks turning into a high-risk tool in which users are likely to lose their funds.
Finally, these types of attacks act as a warning for future projects to take more measures to counter these risks.