- Balancer, a liquidity protocol, discovered a critical vulnerability affecting over 100 of its v2 pools across eight blockchains.
- The issue has been mitigated in around 97% of the impacted pools, but some funds remain at risk.
- The vulnerability has not been exploited, and no funds have been lost.
- Balancer urges users to exit from affected pools immediately and warns about phishing scams.
Balancer, a liquidity protocol, discovered a critical vulnerability affecting over 100 of its v2 pools across eight blockchains
Balancer, a protocol that allows users to create self-balancing portfolios of tokens, reported a critical vulnerability affecting some of its v2 pools on Sunday. The vulnerability was detected by an external security researcher and disclosed by Balancer Labs on its forum. The issue could potentially allow an attacker to drain funds from the affected pools by exploiting a flaw in the pool initialization logic.
The issue has been mitigated in around 97% of the impacted pools, but some funds remain at risk
Balancer Labs said that it executed emergency mitigation procedures to secure the majority of the total value locked (TVL) in the protocol. According to the latest update 2, over 97% of the liquidity initially deemed vulnerable is now safe. However, some funds are still at risk, representing about 0.89% of the TVL, or $5.6 million at the time of writing. The affected pools are spread across eight blockchains: Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom, and Zkevm. Balancer Labs posted a list of the affected pools on its GitHub page and activated its emergency subDAO, which allows users to exit from affected pools without paying fees.
We have received a critical vulnerability report affecting a number of V2 Pools. Emergency mitigation procedures have been executed to secure a majority of TVL, but some funds remain at risk. Users are advised to withdraw affected LPs immediately.”
Balancer Labs, post on CoinMarketCap.
The vulnerability has not been exploited and no funds have been lost
Balancer Labs stressed that the vulnerability has not been exploited by any malicious actors and that no funds have been lost or stolen. The protocol also said that it has contacted all the affected pool creators and liquidity providers to inform them about the situation and advise them on the next steps. Balancer Labs also thanked the security researcher who reported the issue and said that it would reward them with a bug bounty.
Balancer urges users to exit from affected pools immediately and warns about phishing scams
Balancer Labs strongly recommended all users exit from affected pools as soon as possible and migrate their funds to safe pools or withdraw them entirely. The protocol provided a user interface for users to check if their funds were affected and to perform the recovery exit. Balancer Labs also warned users about phishing scams that are trying to take advantage of the situation by offering fake compensation plans or asking for private keys. The protocol advised users to be vigilant and not trust any messages or websites that were not verified by Balancer Labs.
© 2024 Cryptopress. For informational purposes only, not offered as advice of any kind.
