Ethereum automated market maker and decentralized finance protocol Balancer has confirmed being exploited for approximately $900,000 on X, just a few days after disclosing a security vulnerability that affected several pools. Balancer announced the existence of a vulnerability in enhanced pools that include assets at risk in the Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM ecosystems, urging users to move their funds to secure pools.
A Ethereum address allegedly belonging to the attacker was uncovered by blockchain security expert Meier Dolev. Following the exploit, the address received two Dai stablecoin transfers worth $636,812 and $257,527 respectively, increasing its total balance to over $893,978.
The protocol team stated that “Balancer is aware of an exploit related to the following vulnerability” and added that while recent mitigation measures have significantly reduced the risks, the affected pools could not be paused. They advised users to withdraw their assets from the affected pools to prevent further exploits.
Balancer initially disclosed a critical security vulnerability affecting their enhanced pools on August 22, urging users to withdraw funds from liquidity providers (LPs) and pause pools to mitigate potential damages. The at-risk assets were present on the Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM ecosystems.
On the day the vulnerability was discovered, only 1.4% of the total assets were at risk, representing a risk of over $5 million. On August 24, at least $2.8 million, or 0.42% of the total locked value, remained at risk, leading Balancer to warn users:
“We believe funds in mitigated pools are safe, but we strongly advise timely migration to safe pools or withdrawal of assets. Unmitigated pools are labeled as ‘at risk.’ If you are an LP in any of these pools, please exit immediately.”
The protocol transitioned to the Optimism network in June last year to enhance user functionality and reduce fees.