June 29, 2020 Noncustodial liquidity provider, Balancer suffers a $500,000 attack.

The noncustodial liquidity provider, Balancer, suffered an attack on Monday, losing $500,000 in the process. In his blog post, Mike McDonald, co-founder, and CTO of Balancer detailed how the attacker was able to withdraw funds from two pools by borrowing Wrapped Ether (WETH) via flash loans on dYdX, and trading the tokens repeatedly against the Statera (STA) token which due to its use of a transfer fee, meant the attacker could trick the protocol into releasing more WETH than they originally owned. The attack occurred despite Balancer having already undergone two audits, with a third one still planned while McDonald has stated that they were not aware of this type of attack.

Sources: