Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The Balancer liquidity pool was attacked by Lightning Loan and lost $500,000. The two losses suffered by Balacer are STA and STONK. At present, the liquidity of these two token pools has been exhausted. Both STA and STONK tokens are deflation tokens, which means that this attack only affects the liquidity pool of deflation tokens. The deflationary tokens on Balancer and its smart contracts are incompatible in certain specific scenarios, allowing attackers to create and profit from STA/STONK circulation pools with price deviations. Attack method (per SlowMist): Compatibility Issue. Reported loss: $ 500,000.
- chain
- —
- protocol
- Balancer
- bug_class
- oracle
- date_occurred
- 2020-06-29
- loss_usd
- $500,000
- source_id
- sm:balancer::2020-06-29