The DeFi Balancer protocol was hacked by an exploit they apparently already knew about

The Balancer automated market making protocol was hacked for over $500,000 in a single Ether (ETH) transaction, again facilitated by a Flash Loan (or quick loan, which allows for instant and easy borrowing without the need for collateral) from the DeFi dYdX platform.


According to analysis conducted by the team within hours of the incident, a carefully crafted transaction was discovered that used more than 8 million gas, or about two-thirds of an Ethereum block, and managed to steal more than $500,000 in Ether, Wrapped Bitcoin (WBTC), Chainlink (LINK), and Synthetix (SNX) tokens.


A smart move

Dated Sunday at 6 PM UTC, the transaction began with a dYdX Flash Loan for 104,000 ETH, or about $23 million.


The exploit was based on Statera (STA), a deflationary token where 1% of each transaction is automatically burned. Balancer's smart contracts seem not to have taken this into account, so they assumed that each transaction delivered the full amount.


The hacker took advantage of this by making transactions between Statera and Ether 24 times. At each step, the STA balance available for the contract decreased by 1%, but the smart contract did not take this into account. Thus, the price of STA remained stable despite the decrease in supply.
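The accounting mismatch described above, modeled as an added example (not Balancer's or Statera's code; the class and function names are hypothetical and the pool is reduced to one recorded balance). It uses plain deposits rather than swaps to show how a pool that credits the nominal amount drifts from its real token balance, and how crediting the measured balance change keeps the two in agreement.

```python
# Added illustration: simplified model, all names are hypothetical.
BURN_BPS = 100  # 1% burned on every transfer, as the article describes for STA


class DeflationaryToken:
    """Toy fee-on-transfer token: the receiver gets the amount minus the burn."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        burned = amount * BURN_BPS // 10_000
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - burned


class NaivePool:
    """Credits the nominal amount, ignoring the burn."""

    def __init__(self, token):
        self.token = token
        self.recorded = 0  # the pool's internal bookkeeping

    def deposit(self, sender, amount):
        self.token.transfer(sender, "pool", amount)
        self.recorded += amount  # trusts the caller-supplied figure


class CheckedPool(NaivePool):
    """Credits only what actually arrived, measured as a balance delta."""

    def deposit(self, sender, amount):
        before = self.token.balances.get("pool", 0)
        self.token.transfer(sender, "pool", amount)
        self.recorded += self.token.balances["pool"] - before


def drift_after(pool_cls, rounds=24, amount=1_000_000):
    """Return (recorded, actual) pool balance after `rounds` deposits."""
    pool = pool_cls(DeflationaryToken({"user": rounds * amount}))
    for _ in range(rounds):
        pool.deposit("user", amount)
    return pool.recorded, pool.token.balances["pool"]


if __name__ == "__main__":
    print(drift_after(NaivePool), drift_after(CheckedPool))
```

After 24 deposits the naive pool's books exceed its real holdings by 1% of everything deposited, while the checked pool's recorded and actual balances are identical.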


As noted in Balancer’s statement, at the end of this procedure the hacker used a function that updated the price based on the actual balance in the pool. As the STA side was empty, a very high price was suddenly set.


The hacker used a "weiSTA", or one billionth of a token, to make the exchange for other assets on the platform, including ETH, BTC, LINK and SNX. Due to the burning mechanism, the weiSTA never actually made the exchange, which allowed the hacker to repeat the action several times until all the STA pools were drained.


He then exchanged the rest of the STAs for Bitcoin Evolution tokens and charged Ether with Uniswap.

