A Review of Balancer's Security Incidents Over the Years: $21 Million Lost Due to Flash Loans, Front-End Hijacking, and Cross-Protocol Vulnerabilities

ChainCatcher reported that the DeFi protocol Balancer is currently under attack, with losses across multiple chains now exceeding $116.6 million. The attack on Balancer is still ongoing.

According to on-chain AI analysis tool CoinBob, the historical security incidents of Balancer are as follows: · June 2020 Flash Loan Attack: Attackers exploited compatibility issues between deflationary tokens (STA/STONK) and Balancer smart contracts, repeatedly calling swapExactAmountIn to drain liquidity pools, ultimately profiting $523,600. · August 2023 V2 Pool Vulnerability: Balancer V2 pools suffered multiple flash loan attacks due to code vulnerabilities, resulting in total losses of $2.1 million. The team urgently paused affected pools and advised users to withdraw funds, but some funds that were not withdrawn in time were still exploited. · September 2023 Frontend Hijacking Attack: Hackers used BGP/DNS hijacking to control the Balancer frontend, tricking users into authorizing malicious contracts, causing $238,000 in losses. On-chain investigator ZachXBT traced the funds to address 0x645710Af050E26bB96e295bdfB75B4a878088d7E. · 2023 Euler Incident Impact: Due to a vulnerability in Euler Finance, Balancer's bbeUSD pool lost $11.9 million, accounting for 65% of the pool's TVL. The team implemented protective measures to restrict liquidity withdrawals. · 2024 Velocore Attack Connection: The Velocore vulnerability exploitation involved Balancer-style CPMM pools, resulting in $6.8 million in losses. Balancer's technical architecture was indirectly implicated due to cross-protocol integration.