Critical Vulnerability Affects Balancer V2 Pools

The protocol's team claims the vulnerability has not been exploited, but less than 1% of total deposits may still be at risk.

Balancer's team took quick action to secure the funds in the affected pools and to prevent a possible exploit.

Yesterday, Balancer, the protocol described by its team as "a self-balancing weighted portfolio, price sensor, and liquidity provider," reported a critical vulnerability affecting multiple V2 pools.

The initial report, posted yesterday on the Balancer forum, states that 80% of the affected pools had been secured, while "the remaining funds at risk represent about 4% of Balancer TVL."

Just three hours after the first post, Balancer announced that "thanks to the prompt response of the community, and the ease of migration/withdrawal through the recovery exit page, funds at risk are already down to 1.5% of the TVL."

The latest report on X (formerly Twitter) shows an even greater reduction in affected funds. "Over 97% of liquidity initially deemed vulnerable is now SAFE," the protocol's team announced today. Balancer stresses that the vulnerability was detected early enough to prevent possible exploits. However, 0.89% of the total TVL (the total value locked in the protocol), worth $5.6 million at press time, might still be at risk.

The protocol recommends that its users withdraw their liquidity provider (LP) tokens as soon as possible. The team advises using the user interface for the withdrawal. According to the official information on the protocol's GitHub, pools on Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom and zkEVM are among those affected. Balancer's developers recommend visiting the withdrawal page and connecting a wallet to check whether the funds are affected.

As mentioned above, Balancer emphasizes that the vulnerability has not been exploited and that any posts containing statements about the BAL claim program are not legitimate.

Indeed, some scammers have already created phishing websites designed as fake Balancer pages, promising users whose funds happened to be in the affected pools "a compensatory BAL [the Balancer token] distribution."

Although the X accounts posting the fake compensation plan closely resemble the authentic Balancer profile, the differences are easy to spot. One of them is an inaccurate profile name that reads "BaIencar" instead of "Balancer."

Despite the news about the vulnerability, the price of the Balancer token has risen again after a slight decline yesterday, when it was worth $3.4098. At press time, BAL was trading at almost $3.56, according to CoinMarketCap's data.