Balancer Hack Shows Signs Of Months-long Planning By Skilled Attacker

The $116 million Balancer exploit appears to have been months in the making, with the attacker utilizing Tornado Cash and advanced methods to evade detection.

The onchain transactions of the exploiter behind the $116 million Balancer hack point to a sophisticated actor and extensive preparation that may have taken months to orchestrate without leaving a trace, according to new onchain analysis.

The decentralized exchange (DEX) and automated market maker (AMM) Balancer was exploited for around $116 million worth of digital assets on Monday.

Blockchain data shows the attacker carefully funded their account using small 0.1 Ether (ETH) deposits from cryptocurrency mixer Tornado Cash to avoid detection.

Conor Grogan, director at Coinbase, said the exploiter had at least 100 ETH stored in Tornado Cash smart contracts, indicating possible links to previous hacks.

“Hacker seems experienced: 1. Seeded account via 100 ETH and 0.1 Tornado Cash deposits. No opsec leaks,” said Grogan in a Monday X post. “Since there were no recent 100 ETH Tornado deposits, likely that exploiter had funds there from previous exploits.”

Balancer offered the exploiter a 20% white hat bounty if the stolen funds were returned in full, minus the reward, by Wednesday.

“Our team is working with leading security researchers to understand the issue and will share additional findings and a full post-mortem as soon as possible,” wrote Balancer in its latest X update on Monday.

The Balancer exploit is one of the “most sophisticated attacks we’ve seen this year,” according to Deddy Lavid, co-founder and CEO of blockchain security firm Cyvers.

Lavid said the attack demonstrates that static code audits are no longer sufficient. Instead, he called for continuous, real-time monitoring to flag suspicious flows before funds are drained.

Source: CoinTelegraph