Quick take:
- The firm later responded with a statement explaining what its initial post meant, subsequently implying its intentions may have been misunderstood.
- “Our intent was never to imply that we knew about the vulnerability and withheld it,” Webacy explained.
- The team said they only realized that Balancer’s contract had been flagged after the exploit, when reviewing historical data.
On-chain security firm Webacy has received criticism from the online community after sharing a post on the X platform saying its systems flagged the Balancer exploit two weeks ago.
Balancer learned of the exploit on Monday after security firms Peckshield and Cyvers noticed unusually huge fund transfers on Etherscan, with more than $128 million stolen, according to reports.
The decentralised finance protocol has since launched investigations into the incident, identifying its V2 tools as being the target of the attacker.
With so much stolen, it came as a surprise to the crypto community on the X platform when Webacy shared that the incident could have been prevented.
This comment sparked massive uproar on the platform with Laurence of Wildcat Labs, developers of the decentralised lending protocol, Wildcat Finance, calling it “an INSANELY shitty thing to do.”
“Your obligation as a crypto security company that isn’t staffed with assholes is to pre-warn and discuss compensation later,” he wrote.
Popular on-chain researcher ZachXBT also shared his thoughts on the post, referencing to a research from four months ago, which cast a net on a potentially major industry conspiracy.
According to a ZachXBT post from July, “more than $16.58 million in payments since January 1, 2025, or $2.76M per month has been sent to North Korean IT workers hired as developers at various projects & companies.”
But Webacy was quick to clarify its earlier post, explaining in a social media statement that the team never intended “ to imply that we knew about the vulnerability and withheld it.”
“Our systems automatically scan thousands of smart contracts every day, surfacing thousands of potential issues across deployed code. These findings are publicly visible on our free platform for anyone to check, including developers and auditors,” the team explained, adding that it only “realized that Balancer’s contract had been flagged after the exploit, when reviewing our historical data.”
According to the security firm, all it intended to do was “to highlight that this type of vulnerability was detectable and that better preventive tooling can stop future losses, not to assign blame or take credit for flagging it.”
Stay on top of things:
Subscribe to our newsletter using this link – we won’t spam!
