Over $128 Million Drained from Balancer in Latest DeFi Protocol Exploit

Quick take:

• A Balancer wallet address showed unusually large fund transfers of about 6,587 WETH ($24.5 million), 6,851 osETH ($26.9 million), and 4,260 wstETH (~$19.3 million).
• The funds were still siphoned to the attacker’s wallet when Peckshield highlighted the incident in the morning, with more than $100 million drained.
• Balancer confirmed it was aware of a potential exploit affecting its v2 tools, assuring users that its engineering team had already started investigating the incident “with high priority”.

Decentralised finance protocol Balancer on Monday experienced a massive exploit that saw over $128 million drained from the platform. On-chain security researchers Peckshield and Cyvers first reported the incident on the X platform after noticing millions of dollars of on-chain outflows from the protocol.

According to Peckshield, funds were still being siphoned to the attacker’s wallet when the firm reported the incident. The security firm noticed unusually large fund transfers of about 6,587 WETH ($24.5 million), 6,851 osETH ($26.9 million), and 4,260 wstETH (~$19.3 million), totalling tens of millions.

Peckshield later confirmed that about $128.6 million had been siphoned out. Balancer said in an X post that it was aware of the incident. “We are aware of a potential exploit affecting its v2 tools,” the firm wrote, adding that its engineering team had already started investigating the incident “with high priority”.

Commenting on what could have led to the exploit, Deddy Lavid, Cyvers’ Chief Executive, said: “The ongoing drain likely stems from a compromise of access control mechanisms within the protocol, allowing the attackers to manipulate balances directly. The Balancer team is still attempting to re-establish control, which explains why the exploit continues.”

Although DeFi exploits fell by 85% to about $18 million in October, as per Peckshield, Monday’s incident notches the figures slightly above the total for September, which saw exploits drain just over $127 million.

Stay on top of things:

Subscribe to our newsletter using this link – we won’t spam!

Follow us on X and Telegram.