Balancer Deflation Hack: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/balancerdeflationhack.php}} thumb|BalancerBalancer allows the creation of multi-token pools which rebalance as others use them for trading. The Balancer protocol smart contract hot wallet had a vulnerability to deflationary tokens, which a hacker was able to exploit to steal $523k worth of liquidity. Initially, the project refused to assist affected users and denied responsi...")
 
No edit summary
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/balancerdeflationhack.php}}
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/balancerdeflationhack.php}}
{{Unattributed Citations}}


[[File:Balancer.jpg|thumb|Balancer]]Balancer allows the creation of multi-token pools which rebalance as others use them for trading. The Balancer protocol smart contract hot wallet had a vulnerability to deflationary tokens, which a hacker was able to exploit to steal $523k worth of liquidity.
[[File:Balancer.jpg|thumb|Balancer]]Balancer allows the creation of multi-token pools which rebalance as others use them for trading. The Balancer protocol smart contract hot wallet had a vulnerability to deflationary tokens, which a hacker was able to exploit to steal $523k worth of liquidity.
Line 6: Line 7:


This is a global/international case not involving a specific country.
This is a global/international case not involving a specific country.
<ref name="balancerprotocolmedium-351" /><ref name="peckshieldblog-352" /><ref name="cointelegraph-353" /><ref name="peckshieldmedium-354" /><ref name="coindesk-355" /><ref name="stateraprojecttwitter-356" /><ref name="stateraprojecttwitter-357" /><ref name="newsdotbitcoin-358" /><ref name="cryptoslate-359" /><ref name="ciphertrace-1152" /><ref name="slowmisthacked-678" /><ref name="openzeppelinforum-1155" /><ref name="cryptobriefing-825" /><ref name="certik-1776" /><ref name="cryptosec-5385" /><ref name="balancerfi-5425" /><ref name="balancerfidocs-5426" /><ref name="ankur63065medium-5427" /><ref name="hexcapitaltwitter-5428" /><ref name="defipulsetwitter-5429" /><ref name="balancerlabstwitter-5430" /><ref name="balancerlabstwitter-5431" /><ref name="balancerlabstwitter-5432" /><ref name="balancerprotocolmedium-5433" /><ref name="theblockcrypto-5434" /><ref name="cryptoticker-5435" /><ref name="azcoinnews-7524" />


== About Balancer ==
== About Balancer ==
Line 49: Line 51:


Don't Include:
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
* Anything that wasn't reasonably knowable at the time of the event.
Line 71: Line 72:
|-
|-
|June 28th, 2020 12:03:11 PM
|June 28th, 2020 12:03:11 PM
|First Event
|Main Event
|This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|
|
|
|-
|-
|
|
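Review bot: The timeline row keeps "June 28th, 2020 12:03:11 PM" with no time zone, while the About text on this page quotes the start of the attack as "06:03:11 PM +UTC, Jun-28-2020"; state the zone or use the UTC value so the two agree. The description cell is still template placeholder text ("Expand this into a brief description ..."), so renaming the label to "Main Event" leaves the row without an actual event description; fill it in from the cited post-mortems.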
Line 84: Line 81:


== Total Amount Lost ==
== Total Amount Lost ==
The total amount lost is unknown.
The total amount lost has been estimated at $523,000 USD.


How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
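Review bot: The new sentence gives $523,000 USD with no citation, while reference titles in this same revision give $450,000 and $500K. Attach the ref that supports $523,000 and, as the prompt line under it asks, say where the discrepancy between the reports comes from.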
Line 95: Line 92:


== Total Amount Recovered ==
== Total Amount Recovered ==
It is unknown how much was recovered.
The total amount recovered has been estimated at $523,000 USD.


What funds were recovered? What funds were reimbursed for those affected users?
What funds were recovered? What funds were reimbursed for those affected users?
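Review bot: "The total amount recovered has been estimated at $523,000 USD" matches the amount lost, but the page text describes Balancer Labs reimbursing liquidity providers, not funds being taken back from the attacker. Word this as an amount reimbursed by Balancer Labs, cite the reimbursement announcement, and leave recovery from the attacker as unknown unless a source says otherwise.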
Line 106: Line 103:


== References ==
== References ==
[https://medium.com/balancer-protocol/incident-with-non-standard-erc20-deflationary-tokens-95a0f6d46dea Incident with non-standard ERC20 deflationary tokens] (Jun 27)
<references><ref name="balancerprotocolmedium-351">[https://medium.com/balancer-protocol/incident-with-non-standard-erc20-deflationary-tokens-95a0f6d46dea Incident with non-standard ERC20 deflationary tokens] (Jun 27, 2020)</ref>


[https://blog.peckshield.com/2020/06/28/balancer/ Balancer Hacks: Root Cause and Loss Analysis] (Jun 27)
<ref name="peckshieldblog-352">[https://blog.peckshield.com/2020/06/28/balancer/ Balancer Hacks: Root Cause and Loss Analysis] (Jun 27, 2020)</ref>


[https://cointelegraph.com/news/defi-protocol-balancer-hacked-through-exploit-it-seemingly-knew-about DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About] (Jun 28)
<ref name="cointelegraph-353">[https://cointelegraph.com/news/defi-protocol-balancer-hacked-through-exploit-it-seemingly-knew-about DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About] (Jun 28, 2020)</ref>


[https://medium.com/@peckshield/balancer-hacks-root-cause-and-loss-analysis-4916f7f0fff5 Balancer Hacks: Root Cause and Loss Analysis] (Jun 28)
<ref name="peckshieldmedium-354">[https://medium.com/@peckshield/balancer-hacks-root-cause-and-loss-analysis-4916f7f0fff5 Balancer Hacks: Root Cause and Loss Analysis] (Jun 28, 2020)</ref>


[https://www.coindesk.com/hacker-drains-defi-liquidity-balancer Hacker Drains $500K From DeFi Liquidity Provider Balancer - CoinDesk] (Jun 28)
<ref name="coindesk-355">[https://www.coindesk.com/hacker-drains-defi-liquidity-balancer Hacker Drains $500K From DeFi Liquidity Provider Balancer - CoinDesk] (Jun 28, 2020)</ref>


[https://twitter.com/StateraProject/status/1277627674110889984 @StateraProject - Twitter] (Jun 28)
<ref name="stateraprojecttwitter-356">[https://twitter.com/StateraProject/status/1277627674110889984 @StateraProject - Twitter] (Jun 28, 2020)</ref>


[https://twitter.com/StateraProject/status/1270395917615669250 @StateraProject - Twitter] (Jun 28)
<ref name="stateraprojecttwitter-357">[https://twitter.com/StateraProject/status/1270395917615669250 @StateraProject - Twitter] (Jun 28, 2020)</ref>


[https://news.bitcoin.com/sophisticated-hacker-plunders-450000-from-defi-protocol-balancer/ 'Sophisticated' Hacker Plunders $450,000 From Defi Protocol Balancer | Altcoins Bitcoin News] (Jun 28)
<ref name="newsdotbitcoin-358">[https://news.bitcoin.com/sophisticated-hacker-plunders-450000-from-defi-protocol-balancer/ 'Sophisticated' Hacker Plunders $450,000 From Defi Protocol Balancer | Altcoins Bitcoin News] (Jun 28, 2020)</ref>


[https://cryptoslate.com/defi-platform-balancer-to-reimburse-500k-in-hack-losses-community-threatens-legal-action/ DeFi platform Balancer to reimburse $500k in hack losses; community threatens legal action | CryptoSlate] (Jun 29)
<ref name="cryptoslate-359">[https://cryptoslate.com/defi-platform-balancer-to-reimburse-500k-in-hack-losses-community-threatens-legal-action/ DeFi platform Balancer to reimburse $500k in hack losses; community threatens legal action | CryptoSlate] (Jun 29, 2020)</ref>


[https://ciphertrace.com/wp-content/uploads/2021/01/CipherTrace-Cryptocurrency-Crime-and-Anti-Money-Laundering-Report-012821.pdf CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020] (Jun 19)
<ref name="ciphertrace-1152">[https://ciphertrace.com/wp-content/uploads/2021/01/CipherTrace-Cryptocurrency-Crime-and-Anti-Money-Laundering-Report-012821.pdf CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020] (Jun 19, 2021)</ref>


[https://hacked.slowmist.io/en/?c=ETH%20DApp SlowMist Hacked - SlowMist Zone] (May 17)
<ref name="slowmisthacked-678">[https://hacked.slowmist.io/en/?c=ETH%20DApp SlowMist Hacked - SlowMist Zone] (May 17, 2021)</ref>


[https://forum.openzeppelin.com/t/list-of-ethereum-smart-contracts-post-mortems/1191 List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community] (Jun 22)
<ref name="openzeppelinforum-1155">[https://forum.openzeppelin.com/t/list-of-ethereum-smart-contracts-post-mortems/1191 List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community] (Jun 22, 2021)</ref>


[https://cryptobriefing.com/50-million-lost-the-top-19-defi-cryptocurrency-hacks-2020/ Millions Lost: The Top 19 DeFi Cryptocurrency Hacks of 2020 | Crypto Briefing] (May 21)
<ref name="cryptobriefing-825">[https://cryptobriefing.com/50-million-lost-the-top-19-defi-cryptocurrency-hacks-2020/ Millions Lost: The Top 19 DeFi Cryptocurrency Hacks of 2020 | Crypto Briefing] (May 21, 2021)</ref>


[https://www.certik.org/blog/blockchain-hacks-2020-15-billion-lost-how-can-we-mitigate-hacks-in-2021 Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog] (Jul 22)
<ref name="certik-1776">[https://www.certik.org/blog/blockchain-hacks-2020-15-billion-lost-how-can-we-mitigate-hacks-in-2021 Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog] (Jul 22, 2021)</ref>


[https://cryptosec.info/defi-hacks/ Comprehensive List of DeFi Hacks & Exploits - CryptoSec] (Jan 8)
<ref name="cryptosec-5385">[https://cryptosec.info/defi-hacks/ Comprehensive List of DeFi Hacks & Exploits - CryptoSec] (Jan 8, 2022)</ref>


[https://balancer.fi/ Balancer AMM DeFi Protocol] (Jan 9)
<ref name="balancerfi-5425">[https://balancer.fi/ Balancer AMM DeFi Protocol] (Jan 9, 2022)</ref>


[https://docs.balancer.fi/ Welcome - Balancer] (Jan 9)
<ref name="balancerfidocs-5426">[https://docs.balancer.fi/ Welcome - Balancer] (Jan 9, 2022)</ref>


[https://medium.com/@ankur_63065/balancer-labs-incident-when-bug-bounties-fail-d783553bbcaf https://medium.com/@ankur_63065/balancer-labs-incident-when-bug-bounties-fail-d783553bbcaf] (Jan 9)
<ref name="ankur63065medium-5427">[https://medium.com/@ankur_63065/balancer-labs-incident-when-bug-bounties-fail-d783553bbcaf https://medium.com/@ankur_63065/balancer-labs-incident-when-bug-bounties-fail-d783553bbcaf] (Jan 9, 2022)</ref>


[https://twitter.com/Hex_Capital/status/1277604555639808000 @Hex_Capital Twitter] (Jan 9)
<ref name="hexcapitaltwitter-5428">[https://twitter.com/Hex_Capital/status/1277604555639808000 @Hex_Capital Twitter] (Jan 9, 2022)</ref>


[https://twitter.com/defipulse/status/1268263868691816449 @defipulse Twitter] (Jan 9)
<ref name="defipulsetwitter-5429">[https://twitter.com/defipulse/status/1268263868691816449 @defipulse Twitter] (Jan 9, 2022)</ref>


[https://twitter.com/BalancerLabs/status/1277404809679769601 @BalancerLabs Twitter] (Jan 9)
<ref name="balancerlabstwitter-5430">[https://twitter.com/BalancerLabs/status/1277404809679769601 @BalancerLabs Twitter] (Jan 9, 2022)</ref>


[https://twitter.com/BalancerLabs/status/1277600623865847808 @BalancerLabs Twitter] (Jan 9)
<ref name="balancerlabstwitter-5431">[https://twitter.com/BalancerLabs/status/1277600623865847808 @BalancerLabs Twitter] (Jan 9, 2022)</ref>


[https://twitter.com/BalancerLabs/status/1277778500355870720 @BalancerLabs Twitter] (Jan 9)
<ref name="balancerlabstwitter-5432">[https://twitter.com/BalancerLabs/status/1277778500355870720 @BalancerLabs Twitter] (Jan 9, 2022)</ref>


[https://medium.com/balancer-protocol/update-2-incident-with-non-standard-erc20-deflationary-tokens-f3a7cedf6292 Update 2 Incident With Non Standard Erc20 Deflationary Tokens] (Jan 9)
<ref name="balancerprotocolmedium-5433">[https://medium.com/balancer-protocol/update-2-incident-with-non-standard-erc20-deflationary-tokens-f3a7cedf6292 Update 2 Incident With Non Standard Erc20 Deflationary Tokens] (Jan 9, 2022)</ref>


[https://www.theblockcrypto.com/linked/69861/balancer-to-compensate-victims-of-450000-exploits-and-reward-white-hat-hacker Balancer to compensate victims of $450,000 exploits and reward white hat hacker] (Jan 9)
<ref name="theblockcrypto-5434">[https://www.theblockcrypto.com/linked/69861/balancer-to-compensate-victims-of-450000-exploits-and-reward-white-hat-hacker Balancer to compensate victims of $450,000 exploits and reward white hat hacker] (Jan 9, 2022)</ref>


[https://cryptoticker.io/en/balancer-pools-hacked/ Balancer Pools Get Drained Off $500K Through STA Exploit, Team Reimburses - CryptoTicker] (Jan 9)
<ref name="cryptoticker-5435">[https://cryptoticker.io/en/balancer-pools-hacked/ Balancer Pools Get Drained Off $500K Through STA Exploit, Team Reimburses - CryptoTicker] (Jan 9, 2022)</ref>


[https://azcoinnews.com/balancer-hacked-twice-within-24-hours-this-time-is-compound-tokens-comp.html Balancer hacked twice within 24 hours, though this time is relatively small around $2,300 worth of Compound tokens (COMP) - AZCoin News] (Apr 10)
<ref name="azcoinnews-7524">[https://azcoinnews.com/balancer-hacked-twice-within-24-hours-this-time-is-compound-tokens-comp.html Balancer hacked twice within 24 hours, though this time is relatively small around $2,300 worth of Compound tokens (COMP) - AZCoin News] (Apr 10, 2022)</ref></references>
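Review bot: The years added inside the new ref tags do not say what the date means: sources about the June 2020 incident now carry dates in 2021 and 2022 (for example "(Jan 9, 2022)" on the @BalancerLabs entries), which reads as a retrieval date rather than a publication date, so label it as such. In the same pass, "ankur63065medium-5427" still uses the bare URL as its link text, and "stateraprojecttwitter-356" and "stateraprojecttwitter-357" render with identical titles and dates; give each a distinguishing title.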

Revision as of 11:18, 17 February 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!


Balancer allows the creation of multi-token pools which rebalance as others use them for trading. The Balancer protocol smart contract hot wallet had a vulnerability to deflationary tokens, which a hacker was able to exploit to steal $523k worth of liquidity.

Initially, the project refused to assist affected users and denied responsibility. However, this decision was reversed after it was determined that a previous bug bounty report had been made (and ignored at the time) about the vulnerability. In the end, Balancer paid out the bug bounty and repaid all affected users.

This is a global/international case not involving a specific country. [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27]

About Balancer

"Automated portfolio manager and trading platform. Put your cryptoassets to work and get the best prices for trades." "Balancer is a community-driven protocol, automated portfolio manager, liquidity provider, and price sensor that empowers decentralized exchange and the automated portfolio management of tokens on the Ethereum blockchain and other EVM compatible systems."

"Balancer turns the concept of an index fund on its head: instead of paying fees to portfolio managers to rebalance your portfolio, you collect fees from traders who rebalance your portfolio by following arbitrage opportunities." "Balancer Pools contains two or more tokens that traders can swap between. Liquidity Providers put their tokens in the pools in order to collect swap fees." "Balancer adopts powerful features to slash gas costs, super-charge capital efficiency, unlock arbitrage with zero-token starting capital, and open the door to custom AMMs."

"Balancer enables efficient trading by pooling crowdsourced liquidity from investor portfolios and using its Smart Order Router to find traders the best available price. Exchange any combination of ERC-20 tokens permissionlessly, with ease." "The Balancer Protocol is a core building block of DeFi infrastructure—a unique financial primitive and permissionless development platform. Balancer is the most flexible and versatile Automated Market Maker, giving developers unprecedented customizability."

As of June 3rd, there were "153 pools with over $10.2M total liquidity."

"Started at 06:03:11 PM +UTC, Jun-28-2020, the DeFi platform, Balancer, was attacked by exploiting its flawed handling of ERC20 deflationary tokens." "Balancer Pool admitted early [on June 29th, 2020] it had fallen victim to a sophisticated hack that exploited a loophole, tricking the protocol into releasing $500,000 worth of tokens." "The hacker made off with around 601 ether, 11 wrapped bitcoin (WBTC), 22,600 chainlink (LINK), and 61,000 synthetix (SNX)" "Technically, the main logic behind the incident is the incompatibility between Balancer and deflationary tokens, which is then misused by the attacker to create skewed STA/STONK pools states and make profits from that."

"[T]he transaction begins with a flash loan from dYdX for 104,000 ETH, or about $23 million." "The exploit relied on Statera (STA), a deflationary token where 1% of every transaction is automatically burned. Balancer’s smart contracts seem to have failed to account for this, thus expecting that each transaction would be for the full amount." "The hacker exploited this by exchanging back and forth between Statera and Ether 24 times. At each step, the STA balance available to the contract diminished by 1%, but the smart contract did not account for this. Thus, the price of STA remained stable despite the dwindling supply." "[A]t the end of this procedure the attacker called a function that updated the price based on the effective pool balance. Since the STA side was empty, it was suddenly priced at a huge premium." "The hacker used a “weiSTA,” or one billionth of a token, to swap for other assets on the platform, including ETH, BTC, LINK and SNX. Due to the burn mechanism, the weiSTA was never actually exchanged, which allowed the hacker to perform the transfer multiple times until all STA pools were dried." "They then exchanged the remainder of the STA to Balancer Pool tokens and cashed them out to Ether with Uniswap."

"The attack vector is quite simple. Balancer pools were not designed with deflationary tokens (like Statera and STONK) in mind. Specifically, these kinds of tokens include a transferFee that are assessed whenever transfer() or transferFrom() functions are called to move funds. For example, transferring 100 Statera tokens into a Balancer pool would result in only 99 tokens being added to the pool since 1 token would be burned in the process."

"The key difference between Balancer and Uniswap, which handles these tokens correctly, is that a Balancer Pool contract does not double check its actual token balance before performing a swap. Instead, it assumes a successful transferFrom() call with 100 erc20 tokens will result in its token balance increasing by that exact amount, 100 tokens, and stores this value in a storage variable called _records[address]. This causes _records[address] to be inaccurate when dealing with deflationary tokens."

"Balancer pools also include a function called gulp() which can be called to update the stored token balance in _records[address] to the actual value. This function was intended to be used for inflationary tokens but actually represents an attack vector when used with deflationary tokens."
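The bookkeeping gap described in the three quoted paragraphs above can be reproduced in a small ledger model. This is an added example, not code from Balancer, Statera or any cited source: it is a Python model rather than the Solidity contracts, and the class names (`NaivePool`, `DeltaPool`, `StrictPool`) are hypothetical. `DeltaPool` follows the "double check its actual token balance" behaviour the quote attributes to Uniswap; `StrictPool`, which rejects any token that delivers less than requested, is an assumed alternative that does not come from the page.

```python
"""Toy ledger model of pool bookkeeping with a fee-on-transfer token (constructed example)."""

BURN_BPS = 100  # 1% burned on every transfer, the Statera behaviour quoted on this page


class DeflationaryToken:
    """Minimal ledger: every transfer burns burn_bps/10000 of the amount sent."""

    def __init__(self, burn_bps=BURN_BPS):
        self.burn_bps = burn_bps
        self.balances = {}

    def mint(self, holder, amount):
        self.balances[holder] = self.balance_of(holder) + amount

    def balance_of(self, holder):
        return self.balances.get(holder, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        burned = amount * self.burn_bps // 10_000
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount - burned


class NaivePool:
    """Credits the requested amount, like the _records[address] bookkeeping quoted above."""

    name = "pool"

    def __init__(self, token):
        self.token = token
        self.recorded = 0  # internal record, analogous to _records[address]

    def deposit(self, sender, amount):
        self.token.transfer(sender, self.name, amount)
        self.recorded += amount  # assumes the full amount arrived
        return amount

    def drift(self):
        """Recorded minus actual balance; any non-zero value is worth an alert."""
        return self.recorded - self.token.balance_of(self.name)


class DeltaPool(NaivePool):
    """Hardened: credits only the measured change in the pool's own balance."""

    def deposit(self, sender, amount):
        before = self.token.balance_of(self.name)
        self.token.transfer(sender, self.name, amount)
        received = self.token.balance_of(self.name) - before
        self.recorded += received
        return received


class StrictPool(NaivePool):
    """Hardened (assumed alternative): refuses tokens that deliver less than requested."""

    def deposit(self, sender, amount):
        snapshot = dict(self.token.balances)
        before = self.token.balance_of(self.name)
        self.token.transfer(sender, self.name, amount)
        if self.token.balance_of(self.name) - before != amount:
            self.token.balances = snapshot  # model an on-chain revert
            raise ValueError("token delivered less than requested")
        self.recorded += amount
        return amount


def simulate(pool_cls, deposits):
    """Run constructed deposits and return (recorded, actual, drift) for the pool."""
    token = DeflationaryToken()
    token.mint("lp", sum(deposits))
    pool = pool_cls(token)
    for amount in deposits:
        pool.deposit("lp", amount)
    return pool.recorded, token.balance_of(pool.name), pool.drift()


if __name__ == "__main__":
    for cls in (NaivePool, DeltaPool):
        print(cls.__name__, simulate(cls, [100, 1_000, 10_000]))
```

The first deposit in the naive model reproduces the page's own figure: 100 tokens sent, 99 held, 100 recorded.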

"The Balancer team is being accused by a security researcher and the STA team for ignoring a bug report submitted almost two months before. Balancer’s CTO, Mike McDonald, confirmed the existence of the report, claiming that the issue outlined in it was essentially unexploitable and blaming flash loans for the incident. It is worth noting that any exploit made possible by a flash loan is also vulnerable to hackers with significant funds." “The only warning they have is on their website which suggests that the project is in beta and all funds are at risk.” "The hacker’s identity remains a mystery but analysts at 1inch exchange, a decentralized exchange aggregator, said the hacker had covered their tracks well: The ether used to pay transaction fees and deploy smart contracts was laundered through Tornado Cash, an Ethereum-based mixer service."

"“The person behind this attack was [a] very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols,” 1inch said in its blog post on the breach." "“We deeply regret, apologize and sincerely extend our condolences to all the victims of this attack,” Statera said in an official announcement." The CTO posts that they "will begin adding transfer fee tokens to the UI blacklist similarly to what we have done for no bool transfer tokens. Note that these lists will be non-exhaustive and any new tokens can be added to Balancer at any point." "The project [initially] added that it was not in a position to be able to refund the attacker’s victims."

"[S]ome community members called for lawsuits against the firm and its developers hours after the hack came to light." "After thorough discussions with the community, the Balancer Labs team decided that it [would] fully reimburse all the liquidity providers who lost funds in the attack." "Balancer Labs [clarified they made the decision to] reimburse the losses of liquidity providers in the attack [because] the team had already received a specific bug bounty report prior to the hack."

"After thorough discussions with the community, the Balancer Labs team decided that it will fully reimburse all the liquidity providers who lost funds in the attack of yesterday. We will also pay out the highest bug bounty available for @Hex_Capital." "The bug bounty report describes in detail the attack that happened. Our team however did not think it would be a practical attack because of the enormous amounts of funds and also gas we thought would be required for bringing the balance of the deflationary token to near 0 in a single atomic transaction." "We at Balancer Labs are all human beings working a lot and under a lot of stress. Unfortunately we are bound to make mistakes and wrong decisions and thinking the attack was not viable was most definitely one of them. We sincerely apologize to Ankur Agrawal (Hex_Capital) who submitted the report and will award them the maximum amount available in our current bug bounty."


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Balancer Deflation Hack

| Date | Event | Description |
|---|---|---|
| June 28th, 2020 12:03:11 PM | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |

Total Amount Lost

The total amount lost has been estimated at $523,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

The total amount recovered has been estimated at $523,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

Smart contracts are still in their infancy. Even a smart contract with two audits cannot be guaranteed to be safe. The safest storage is offline multi-sig. Funds in hot wallets should be limited to that which can be insured by a treasury, industry insurance fund, or smart contract insurance protocol.

References

  1. Incident with non-standard ERC20 deflationary tokens (Jun 27, 2020)
  2. Balancer Hacks: Root Cause and Loss Analysis (Jun 27, 2020)
  3. DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About (Jun 28, 2020)
  4. Balancer Hacks: Root Cause and Loss Analysis (Jun 28, 2020)
  5. Hacker Drains $500K From DeFi Liquidity Provider Balancer - CoinDesk (Jun 28, 2020)
  6. @StateraProject - Twitter (Jun 28, 2020)
  7. @StateraProject - Twitter (Jun 28, 2020)
  8. 'Sophisticated' Hacker Plunders $450,000 From Defi Protocol Balancer | Altcoins Bitcoin News (Jun 28, 2020)
  9. DeFi platform Balancer to reimburse $500k in hack losses; community threatens legal action | CryptoSlate (Jun 29, 2020)
  10. CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 19, 2021)
  11. SlowMist Hacked - SlowMist Zone (May 17, 2021)
  12. List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community (Jun 22, 2021)
  13. Millions Lost: The Top 19 DeFi Cryptocurrency Hacks of 2020 | Crypto Briefing (May 21, 2021)
  14. Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog (Jul 22, 2021)
  15. Comprehensive List of DeFi Hacks & Exploits - CryptoSec (Jan 8, 2022)
  16. Balancer AMM DeFi Protocol (Jan 9, 2022)
  17. Welcome - Balancer (Jan 9, 2022)
  18. https://medium.com/@ankur_63065/balancer-labs-incident-when-bug-bounties-fail-d783553bbcaf (Jan 9, 2022)
  19. @Hex_Capital Twitter (Jan 9, 2022)
  20. @defipulse Twitter (Jan 9, 2022)
  21. @BalancerLabs Twitter (Jan 9, 2022)
  22. @BalancerLabs Twitter (Jan 9, 2022)
  23. @BalancerLabs Twitter (Jan 9, 2022)
  24. Update 2 Incident With Non Standard Erc20 Deflationary Tokens (Jan 9, 2022)
  25. Balancer to compensate victims of $450,000 exploits and reward white hat hacker (Jan 9, 2022)
  26. Balancer Pools Get Drained Off $500K Through STA Exploit, Team Reimburses - CryptoTicker (Jan 9, 2022)
  27. Balancer hacked twice within 24 hours, though this time is relatively small around $2,300 worth of Compound tokens (COMP) - AZCoin News (Apr 10, 2022)