Balancer's Annual Security Incident Review: Total Losses Exceed $21 Million Due to Flash Loans, Front-End Hijacking, and Cross-Protocol Vulnerabilities

BlockBeats News, November 3rd, the DeFi protocol Balancer is currently under attack, with losses exceeding $1.166 billion across multiple chains, and the attack on Balancer is still ongoing. According to on-chain AI analysis tool CoinBob (@CoinbobAI_bot) summary, Balancer's historical security events are as follows:

· June 2020 Flash Loan Attack: An attacker exploited the compatibility issue between deflationary tokens (STA/STONK) and the Balancer smart contract, draining the liquidity pool by repeatedly calling swapExactAmountIn, ultimately profiting $523,600.

· August 2023 V2 Pool Vulnerability: The Balancer V2 pool was subjected to multiple flash loan attacks due to a code vulnerability, resulting in a total loss of $2.1 million. The team urgently paused the affected pool and advised users to withdraw, but funds that were not withdrawn in time were still exploited.

· September 2023 Frontend Hijacking Attack: A hacker seized control of the Balancer frontend through BGP/DNS hijacking, tricking users into authorizing a malicious contract, resulting in a loss of $238,000. On-chain sleuth ZachXBT traced the fund flow to address 0x645710Af050E26bB96e295bdfB75B4a878088d7E.

· 2023 Euler Incident Fallout: Due to a vulnerability in Euler Finance, the Balancer bbeUSD pool suffered a $11.9 million loss, representing 65% of the pool's TVL. The team took protective measures to restrict liquidity withdrawals.

· 2024 Velocore Attack Affiliation: The Velocore exploit involving a Balancer-style CPMM pool resulted in a $6.8 million loss. Balancer's technical architecture was indirectly implicated due to cross-protocol integration.