Yet Another Balancer Attack for 'Unclaimed' COMP; DeFi Liquidity Provider to Reimburse Hack Victims

Less than 24 hours after news of a $500,000 hack on Balancer, a new attack has claimed $2,300 worth of the hot Compound tokens (COMP).

Hao, a hacker and engineer at DeBank, a DeFi wallet, took to Twitter to share how, this time as well, someone used a flash loan from Andreessen-funded dYdX and drained, yes again, unclaimed COMP stored in several pools of Balancer, an automated market maker.

The hacker explained that the contract flash loaned some tokens from dYdX and minted cTokens with these funds. It then used Uniswap v2 to flash loan some COMP.

The contract joined the COMP/cBAT/cUSDT pool to trigger Compound to send unclaimed COMP to this Balancer pool. After syncing the COMP balance, the contract withdrew from Balancer at an advantage and went on to do the same for other pools.

After getting all the extra COMP, it repaid Uniswap and dYdX, made an exit, and swapped COMP for ETH in a normal Uniswap V2 trade.

However, @FollowTheChain said the “unclaimed COMP” is just a tiny fraction of COMP that has accumulated since the last movement of each cToken that happened a few minutes before.

According to Balancer Labs, this attack wasn't like the one from yesterday either.

Amid this came the good news that Balancer Labs will be reimbursing all the liquidity providers who lost funds in yesterday's attack.

It will also pay out the “highest bug bounty available” to Hex Capital, which alerted Balancer Labs to this vulnerability in May.

“This is a major issue in crypto today – creating bug bounty programs and then ignoring the results + refusing to pay out. We need to do better,” said Hex Capital.

Market Unaffected

In yesterday's attack, two Balancer pools that contained the deflationary tokens STA and STONK, tokens with transfer fees, were drained of more than $500,000 by a hacker.

The attack happened in two separate transactions that were 30 minutes apart, and only the pools holding a token with transfer fees were affected by the exploit.

DeFi aggregator 1inch in its official report said the attacker was a “very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols.”

Not only was he organized and prepared in advance, but he also used Tornado Cash, a privacy-focused Ethereum mixer, to obtain his initial funds, which hid the source of his Ether.

It reported that the attack on one of the Balancer Pools was caused by a complex transaction that the hacker sent to the Ethereum mainnet. Then, with another transaction, the hacker drained another Balancer Pool.

The address with the stolen funds currently has about 601 ETH worth about $133,823.

In its official report on the incident, Balancer Labs said that it wasn't aware that “this specific type of attack was possible,” which has now turned out to be untrue.

However, they have been warning about the unintended effects of ERC20s with transfer fees in the protocol. As such, STA wasn't included in the recently assembled BAL mining whitelist.

Now, transfer-fee tokens will be added to the blacklist, and Balancer Labs will continue to audit and review the protocol; the third planned audit is starting soon.
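To make the transfer-fee issue concrete, here is a small Python model; it is an added example, not code from Balancer or from the reports quoted here, and `Token`, `Pool`, the account names and the 1% fee are constructed assumptions. It shows a pool's own record drifting from its real balance when it credits the nominal amount, the balance-delta deposit that avoids this, and a probe a listing process could use to flag such tokens.

```python
# Added illustration: Token, Pool, account names and the fee are constructed.
class Token:
    """Minimal ERC20-like ledger; fee_bps > 0 models a transfer-fee token."""
    def __init__(self, fee_bps=0):
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, who, amount):
        self.balances[who] = self.balance_of(who) + amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000  # burned, never reaches dst
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount - fee

class Pool:
    """Pool that keeps its own record of how much of the token it holds."""
    def __init__(self, token, name="pool"):
        self.token, self.name, self.recorded = token, name, 0

    def deposit_nominal(self, sender, amount):
        # Weak: credits the requested amount, not what actually arrived.
        self.token.transfer(sender, self.name, amount)
        self.recorded += amount

    def deposit_measured(self, sender, amount):
        # Hardened: credit only the measured balance delta.
        before = self.token.balance_of(self.name)
        self.token.transfer(sender, self.name, amount)
        received = self.token.balance_of(self.name) - before
        self.recorded += received
        return received

    def drift(self):
        """Recorded minus actual balance; non-zero means the record is out of sync."""
        return self.recorded - self.token.balance_of(self.name)

def charges_transfer_fee(token, probe_amount=10_000):
    """Listing check: send a probe amount and compare sent with received."""
    token.mint("probe_src", probe_amount)
    before = token.balance_of("probe_dst")
    token.transfer("probe_src", "probe_dst", probe_amount)
    return token.balance_of("probe_dst") - before < probe_amount
```

With a 1% fee (`Token(100)`), a nominal deposit of 1,000 leaves the pool's record 10 units above its real balance, while the measured deposit credits 990 and leaves no drift.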

However, the market seems unaffected for now, as the total value locked in Balancer is $115 million, down from the all-time high of $117 million just a day before, as per DeFi Pulse.

AnTy