Review of Balancer's historical security incidents, resulting in a loss of 21 million dollars due to flash loans, front-end hijacking, and cross-protocol vulnerabilities

The DeFi protocol Balancer is currently under attack, with losses exceeding $116.6 million across multiple chains, and the attack on Balancer is still ongoing.

According to the on-chain AI analysis tool CoinBob, the historical security incidents of Balancer are as follows:

• June 2020 Flash Loan Attack: Attackers exploited a compatibility issue between the deflationary token (STA/STONK) and Balancer's smart contracts, repeatedly calling swapExactAmountIn to drain the liquidity pool, ultimately profiting $523,600.

• August 2023 V2 Pool Vulnerability: The Balancer V2 pool suffered multiple flash loan attacks due to a code vulnerability, with total losses reaching $2.1 million. The team urgently paused the affected pools and advised users to withdraw their funds, but some funds that were not withdrawn in time were still exploited.

• September 2023 Frontend Hijacking Attack: Hackers gained control of Balancer's frontend through BGP/DNS hijacking, tricking users into authorizing malicious contracts, resulting in a loss of $238,000. On-chain detective ZachXBT traced the funds to address 0x645710Af050E26bB96e295bdfB75B4a878088d7E.

• 2023 Euler Incident Impact: Due to a vulnerability in Euler Finance, Balancer's bbeUSD pool suffered a loss of $11.9 million, accounting for 65% of the pool's TVL. The team took protective measures to limit liquidity withdrawals.

• 2024 Velocore Attack Association: The Velocore vulnerability exploited Balancer-style CPMM pools, resulting in a loss of $6.8 million. Balancer's technical architecture was indirectly implicated due to cross-protocol integration.