Balancer Lauded for 'Excellent Communication' of Multi-Million-Dollar Vulnerability

Balancer appears to have safely dodged a serious hack. For now.

Yesterday, the team behind the popular decentralized exchange announced that they were tipped off to a critical “vulnerability report affecting a number of V2 Pools” and urged users to withdraw funds from “affected liquidity providers (LPs) immediately.”

According to Balancer’s Github page, several pools across eight blockchains in Ethereum, Polygon, Arbitrum, Polygon, Avalanche, Gnosis, Fantom, and zkEVM, were exposed to the vulnerability.

The team said that 1.4% of the protocol’s total locked value worth $11.7 million at the time was at risk.

This morning, Balancer Labs said, "97% of liquidity initially deemed vulnerable is now SAFE.” It did add, however, that around $5.6 million was still at risk.

The team locked access to the vulnerable pools. The only way to withdraw funds from the LPs was through a dedicated user interface.

The project's LPs were also advised to “withdraw ASAP” using the temporary user interface.

The swift and safe turnaround of what would’ve been a catastrophic event for the protocol earned praise from developer experts.

Crypto researcher Laurence Day lauded Balancer’s handling of the situation, calling it a “perfect example of critical vulnerability disclosure done well.” He added that Balancer disclosed a problem but “without enough detail to send scavengers on a hunt.”

“Excellent communication from Balancer,” tweeted Marc Zeller, the founder of the Aavechain Initiative.

In less than a day since Balancer sent the first tweet, liquidity providers withdrew over $200 million from Balancer pools, per DeFiLlama data.

The total value locked or value of assets deposited in the platform dropped from $840 million to $638 million.

Some funds are still at risk on the affected pools, as notified by the team.