Key takeaways:
- Decentralized financial protocol and automated market maker for Ethereum In light of the August 22 vulnerability finding, Balancer issued a warning of $2.8 million
- The assets on Balancer’s deployment on Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM are among the at-risk ones.
Decentralized financial protocol and automated market maker for Ethereum In light of the August 22 vulnerability finding, Balancer issued a warning that $2.8 million, or 0.42 percent of its total value locked (TVL), is still vulnerable.
The statement from August 24 instructs users to “withdraw ASAP” if their wallets are linked to the concerned liquidity provider (LP) pools. The protocol’s website provided a personal user interface that users could use to check whether their funds were in danger. On the website, it is then advised to unstake, withdraw, and unwrap the affected tokens.
The assets on Balancer’s deployment on Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and zkEVM are among the at-risk ones.
After 80% of the critical vulnerability was addressed by developers on the day of discovery, Balancer said that 4% of their $669 million in TVL was affected. Balancer stated in an update on August 23 that the vulnerability had not been used but that funds worth $5.6 million were still at risk. Developers said:
“We believe funds in the mitigated pools (labeled “mitigated”) are safe, but nevertheless strongly recommend timely migration to safe pools, or withdrawal. Pools that could not be mitigated are labeled ‘at risk’. If you are an LP in any of these pools, please exit immediately.”
On June 2, the Ethereum layer-2 network Optimism saw the debut of Balancer. According to Balancer Labs CEO Fernando Martinelli, the Optimism deployment illustrates his optimism that layer-2 scaling solutions will successfully lower transaction costs and network congestion. There were 38 projects in total being built on the Optimism network at the time.
The $1 million Cypher vulnerability happened on August 8. Security specialists are still trying to determine what caused it. The nearly $600,000 worth of cryptocurrency stolen in the attack was frozen by several centralized exchanges, preventing the attacker from cashing it in.