A new hack has been carried out against the DeFi Balancer protocol. A few hours after the first attack, which involved the DeFi protocol and led to the loss of nearly half a million dollars, a second attack was carried out using the same strategy, this time against the COMP token.
Apparently this happened an hour ago, someone used dydx flashloan (again) and drained unclaimed COMP in several balancer pool, making 10.8 ETH profit in the process. Thread incoming. pic.twitter.com/TeJZZSSycE
– Hao (@frenzy_hao) June 29, 2020
Criminals exploited the same system in combination with flash loans from the dYdX protocol. This allowed them to steal more than 10 ETH.
After the first attack, the team also said that it would reimburse all those who had suffered a loss, in an attempt to at least limit the damage from the previous attack.
Although this is a small-scale robbery, that makes the case even more incredible, because apparently the best solution would be to pause the protocol and intervene to prevent another attack from occurring, as it was discovered that it is possible to exploit this type of mechanism for almost all tokens and all the different pools.
This is a bad start to the week for Balancer, since in a few hours it lost a lot of funds, which of course reflects on the reputation of the protocol, since it did not intervene in time and did not protect the funds from a second attack.
Now all eyes are on decentralized finance (DeFi) and on a fundamental aspect called "composability", which is the possibility of implementing protocols on other platforms and thus achieving greater efficiency.
Consider, for example, what it is possible to do using Ethereum (ETH), which is used to generate the stablecoin DAI, which in turn is used to provide liquidity to the various pools that earn interest in return.
However, if these pools are becoming the main target of the attacks, it's pretty clear at this point that DeFi runs the risk of becoming a high-risk tool, with the likelihood that users will lose their funds.
Finally, these types of attacks act as a warning for future projects to take further steps to counter these risks.