Balancer's Historical Security Incident Review: Total Losses Exceed $21 Million Due to Flash Loan, Front-End Hijacking, and Cross-Protocol Vulnerability Attacks

On November 3rd, the DeFi protocol Balancer is currently under attack. Losses have exceeded $1.166 billion across multiple chains, and the attack on Balancer is still ongoing. According to the on-chain AI analysis tool (https://t.me/CoinbobAI_bot) (@CoinbobAI_bot), the summary of Balancer's security incidents over the years is as follows: · In June 2020, there was a Flash Loan Attack. The attacker took advantage of the compatibility issue between the deflationary token (STA/STONK) and the Balancer smart contract. By repeatedly calling swapExactAmountIn, the liquidity pool was drained, and a profit of $523,600 was ultimately made. · In August 2023, the Balancer V2 pool suffered multiple flash loan attacks due to a code vulnerability. A total loss of $2.1 million occurred. The team urgently paused the affected pool and advised users to withdraw their funds. However, some funds that were not withdrawn in time were still exploited. · In September 2023, there was a Frontend Hijacking Attack. A hacker hijacked the control of the Balancer frontend through BGP/DNS hijacking and tricked users into authorizing a malicious contract, resulting in a loss of $238,000. On-chain detective ZachXBT traced the flow of funds to address 0x645710Af050E26bB96e295bdfB75B4a878088d7E. · In 2023, due to a vulnerability in Euler Finance, the Balancer bbeUSD pool lost $11.9 million, accounting for 65% of the pool's TVL. The team took protective measures to restrict liquidity withdrawals. · In 2024, there was an association with the Velocore Attack. The Velocore exploit involving a Balancer-style CPMM pool resulted in a loss of $6.8 million. Balancer's technical architecture was indirectly implicated due to cross-protocol integration.