Decentralized finance (DeFi) liquidity providing platform Balancer was hacked today, reportedly with USD 500,000 worth of crypto stolen.
Following several reports online, Balancer confirmed that on June 29 an incident occurred, affecting two pools containing transfer fees, known as deflationary tokens.
Their report provided steps for how this was done, entailing taking a flash loan in ethereum (ETH) from the non-custodial exchange dYdX, converting them to WETH (Wrapped Ethereum), trade more of this WETH and STA tokens, draining the STA balance from the pool, and as the balance is close to zero, “its price relative to the other tokens is extremely high and the attacker can now use STA to swap for other assets in the pool extremely cheaply,” said the platform. This report didn’t explicitly say how much money was stolen, providing a contract explorer instead.
The 1inch exchange also put out a report, saying that, following a number of complex steps, “due to STA token transfer fee implementation, the pool never received STA but released WETH regardless. The same step was repeated to drain WBTC, SNX and LINK token balances from the pool.” All in all, they write, the attacker took out more than USD 500,000, transferring it to this address, which currently holds ETH 601 (c. USD 134,000).
1. dYdX flash loan for 104k $wETH
2. Swap $wETH for $STA 24 times, draining the $STA balance from the pool
3. Swap 1 weiSTA to $wETH multiple times, bug in $STA transfers pool never receives STA but relases wETH
4. Repay 104k wETH flashloan.
— John Wineman (@johnwineman) June 29, 2020
If this sounds familiar, it’s because we saw similar attacks happening earlier this year. Back in February, tokenized margin trading and lending platform bZx suffered two attacks, which were defined as not an oracle attack, but “a clever arbitrage execution.”
In April, another blow was delivered to the young industry of DeFi, when attackers exploited a known vulnerability in the callback mechanism of ERC777 (imBTC, an Ethereum token valued at 1:1 rate with bitcoin (BTC)), which allowed them to hijack a transaction and sell the same batch of tokens multiple times. The attacks at the time affected Uniswap and Lendf.Me.
Redditors argued that this Balancer attack was similar to the Lendf.Me hack “which used the ERC777 standard for copy/pasted code which Compound designed only for ERC20 tokens because they knew it would leave ERC777 tokens vulnerable to hacks.” Angel investor John Wineman was also among those who noticed this similarity.
Redditor ‘Tricky_Troll’ said that the fact that these are deflationary tokens is relevant as Balancer “warned people not to create a pool with tokens that have a transaction fee or aren’t of the ERC20 standard.”
In their report, Balancer said that they “were not aware this specific type of attack was possible,” but that they “consistently […] warned about the unintended effects ERC20s with transfer fees could have in the protocol,” and that this is why STA was not included in the BAL mining whitelist. “The system is designed for compliant ERC20’s and when tokens behave unintended ways, bad things can happen,” they said.
Hex Capital argued that the vulnerability was known, saying that they submitted “this exact attack vector to your bug bounty program on 5/6 and was denied payment,” adding: “Statera Project pool was drained because Balancer Labs refused to acknowledge this critical vulnerability I alerted them about in MAY. This is a major issue in crypto today – creating bug bounty programs and then ignoring the results + refusing to pay out. We need to do better”.
Balancer’s Co-founder and Chief Technology Officer, Mike McDonald, wrote that the submitted report discussed “trading a pool and slowly decreasing the pools balance vs internal balance which we were aware of and why warnings existed. Today worked because of flashlending. That is my fault and I apologize for not taking more time to review other consequences of what could happen.”
The report mentions swapping to get an asset close to 0. I didn’t take into account flash lending and figured a 1% transfer fee would be impossible to get anywhere close to that level on normal swaps (that get more expensive each trade). Again I’ll take full responsibility here
— Mike McDonald (@mikeraymcdonald) June 29, 2020
1inch writes that “the person behind this attack was very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols”, and that “the attack was organized and well prepared in advance.”
SetProtocol product marketing manager Anthony Sassano argued that, given that ETH mixer Tornado Cash was used to fund the first wallet, “DeFi attackers are getting more sophisticated and creative.”
more evidence for the hypothesis that the more liquidity in mixers, the more the addressable market for exploits and hacks increases
— nic carter (@nic__carter) June 29, 2020
Others wonder if there was some foul play involved. “That sounds really negligent, almost like it could have been on purpose,” said ‘rahul8658’ on the Reddit thread. “Exit scam with plausible deniability?,” asked ‘Ethereum Customer Support’ on Twitter.
Whoever was behind it certainly perfected their game & took advantage of the “liquidity mining” craze to attract more people depositing.
It looks like The Burn token also had liquidity drained, although not with a flashloan. https://t.co/OK3aMb6qg4
— Ethereum Customer Support (@CurrencyTycoon) June 29, 2020
Balancer has had a very turbulent week. It made a splash just days ago, immediately after it started distributing its new BAL token to users.
Soon after that, however, the team behind the new protocol had to intervene to stop the FTX exchange from continuing to exploit a weakness in the token distribution system.
Unlike what was seen following the second attack on bZx, the total value locked (TVL) in DeFi did not sharply drop this time around, standing at USD 1.62 billion.
There has been a change in ranking, however, with Compound now taking the first spot, followed by Maker, and Synthetix, and Balancer dropping to the fourth place, having the TVL of USD 116.3 million. It dropped 142% in the last 24 hours, per Defi Pulse.
According to the token’s contract address on Etherscan (at 8:50 UTC), BAL is trading at USD 11.5, nearly half the USD 20.5 reported five days ago.
We contacted Balancer Labs and will update should they reply.