Many cryptocurrency traders are looking for answers after a successful exploit on decentralized exchange and automated market maker Balancer resulted in the theft of more than $100 million in digital assets.
In a Monday X post updating users on the exploit, Balancer said the incident is “isolated to V2 Composable Stable Pools and does not affect Balancer V3 or other Balancer Pools.”
The platform added that it “has been extensively audited by top companies and has long run bug bounties to encourage independent auditors”, which raises the question of how the exploit was achieved.
“Balancer has gone through 10+ revisions,” said Suhail Kakar, head of developer relations at TAC blockchain, on X. “The vault was audited (three) separate times by different companies and still got hacked for $110 million. This space needs to accept that ‘audited by X’ means next to nothing. Code is hard, DeFi is harder.”
According to the Balancer V2 revision list available on GitHub, four different security companies — OpenZeppelin, Trail of Bits, Certora, and ABDK — carried out 11 revisions of the platform’s smart contracts, the latest of which, covering its stable set, was done by Trail of Bits in September 2022.
Cointelegraph contacted OpenZeppelin for comment but did not receive a response at the time of publication. A spokesperson for Trail of Bits declined to comment on the exploit “until the root cause is identified and all Balancer forks are secure.”
The exploit, reported early Monday, resulted in more than $116 million worth of staked Ether (ETH) — including StakeWise Staked ETH (OSETH), Wrapped Ether (WETH) and Lido wstETH (wSTETH) — being moved to a newly created wallet. Research analyst Nansen told Cointelegraph that the Balancer incident may have stemmed from a problem with a smart contract that had “a flawed access check that allowed an attacker to send a withdrawal command”.
The project offers a 20% refund reward
In a blockchain transaction note addressed to the attackers on Monday, Balancer’s team offered a white hat reward of up to 20% of the stolen funds if the full amount is returned within 48 hours of notification.
“(I)f you choose not to cooperate, we have engaged independent blockchain forensics experts and are actively working with multiple law enforcement agencies and regulatory partners,” Balancer said.
At the time of publication, the project had not announced any additional updates on the reward or details of the exploit.