Crypto investors got robbed recently thanks to months of planning and loads of technical expertise. Attackers stole $116 million from the investors who were using Balancer, a popular decentralized finance (DeFi) protocol built on the Ethereum blockchain.
Balancer released a preliminary report on the attack on Wednesday, which details how hackers exploited vulnerabilities in the Balancer system to rob the investors.
Here is the multi-tier approach used by the hackers:
Your completely free resource hub designed to boost your knowledge of cryptocurrencies
- Bundled swaps: They grouped a bunch of trades into one big package (called BatchSwaps) to hide what they were doing.
- Flash loans: They borrowed tons of money super fast (without putting up their own cash first), used it to mess things up, then paid it back in seconds.
- Price trick: The hackers changed a math rule that normally rounds prices down to be fair, so they got more coins than they should, thousands of times more.
Basically, the hackers took the investment of Balancer’s users bit by bit. “A lot of the stolen money stayed hidden inside the system at first, then got pulled out later in sneaky follow-up moves,” said Balancer.
Trying To Get The Money Back
The hackers chopped the stolen crypto into $200 bits, threw them into Tornado Cash (a crypto mixer) to mix with other people’s money, and later pulled out clean cash, leaving no trail behind.
Balancer teamed up with security experts and froze about $21 million of the loot right away. That includes:
- 5,041 chunks of “staked ETH” (a locked-up version of Ethereum).
- 13,495 “osGNO” tokens (another type of locked crypto reward).
They even offered a reward to get the loot back: “Give back the money, and we’ll pay you 20% as a thank-you”. But Balancer got no reply from the thieves.
Balancer has now paused all vulnerable features in its system and the team is patching the holes. It’s a wake-up call that once again proves that DeFi is facing more hacks and scams every day.
