The DeFi platform Balancer (BAL) revealed a security vulnerability in some of its pools in a statement released on August 22.
In the announcement, Balancer Labs stated that the security breach has not yet been exploited maliciously, and that they have resolved 80% of the issue. However, they acknowledged that an amount equivalent to about 4% of the project’s total locked value (TVL) still remains at risk.
According to data from DefiLlama, Balancer’s current TVL is $691 million, suggesting that roughly $27 million is at risk.
In response to this situation, Balancer’s Emergency SubDAO initiated proportional withdrawals from the affected pools and suspended certain pools. Balancer recommended users to move their funds to secure pools or to withdraw their assets altogether; they also cautioned liquidity providers to exit the at-risk pools.
Following this announcement, Balancer witnessed significant withdrawals. In just a few hours, about $149 million was pulled out from Balancer’s TVL, but it is still uncertain whether these funds were withdrawn from the at-risk pools.
The project has yet to publish a comprehensive review regarding the security vulnerability, and they did not specify from which source the initial report came.
DeFi Platforms in Peril
Balancer has been previously subjected to attacks and threats. In 2021, according to Peckshield, Balancer was targeted by an attacker who made off with more than $500,000.
A Balancer pool was compromised due to larger-scale attacks on Euler Finance in March 2023. Balancer suspended the affected assets and pools; while $11.9 million in funds were affected, it remains ambiguous whether these funds were ultimately lost. In January 2023, Balancer reported an attack and advised certain liquidity providers to withdraw from their pools.