
Second hack against Balancer

New hack against Balancer. A few hours after the first attack that involved the DeFi protocol and led to the loss of almost half a million dollars, a second attack was carried out using the same strategy, this time against the COMP token.


The criminals exploited the same system in combination with flash loans from the dYdX protocol. This allowed them to recover and steal over 10 ETH.

After the first attack, the team had also announced that it would reimburse all those who had suffered a loss, in an attempt to limit the damage from yesterday’s attack.

Although this is a small-scale theft, that makes the case even more incredible: apparently the best solution would be to pause the protocol and intervene to prevent another attack, since it has been discovered that this type of mechanism can be exploited for almost all tokens and all the different pools.

This is a bad start to the week for Balancer: in a few hours it lost a lot of funds, which of course reflects on the reputation of the protocol, both because it did not intervene in time and because it failed to protect the funds from a second attack.

Now all eyes are on decentralized finance (DeFi) and a fundamental aspect of it called “composability”, that is, the possibility of implementing protocols in other platforms and thus achieving greater efficiency.

Think, for instance, of what can be done with Ethereum (ETH), which is used to generate the stablecoin DAI, which in turn is used to provide liquidity to the various pools in return for interest.

However, if these pools are now becoming the main target of attacks, then it is quite clear that DeFi risks turning into a high-risk tool, with the likelihood of users losing their funds.

Finally, these types of attacks act as a warning for future projects to take more measures to counter these risks.


Alfredo de Candia