So, what happened? According to a write-up by 1inch Exchange, the hacker took out a flash loan and used it to attack the Balancer pool.
In this case, the attacker took out a flash loan of 104,000 WETH from dYdX, according to 1inch. WETH is “wrapped ETH,” a version of ETH that can be traded directly for altcoins.
Then, the attacker swapped the WETH for STA tokens 24 times. STA tokens are Stratera tokens. STA is a deflationary token, meaning that 1% of the value of every transaction is burned.
"Taken separately, STA tokens and balancer pools are not vulnerable. But using STA tokens in a balancer pool leads to a vulnerability allowing to drain the pool,"
Because the attacker made so many trades, this STA quickly became near worthless. The hacker then swapped this near worthless STA for WETH.
Because of the way the Balancer Pool was set up, the pool released lots of WETH. The hacker used this tactic to obtain hauls of WBTC, SNX, LINK and COMP, too.
Finally, the hacker paid back their flash loan. Then, they used some of the near-worthless STA tokens to gain market share in the Balancer Pool—they didn’t need much STA to do this, because they’d drained the pool of funds. After some nefarious swaps, they took a whole load more money out of the smart contracts.
hacker is very smart and has a very good knowledge of smart contracts and blockchain. thats how he can do in so much deep and steal the funds.
The protocol operator will also reward Ankur Agrawal of Hex Capital, "the maximum amount" available in its current bug bounty program, since he flagged the bug to the Balancer team on May 6. The balancer is expected to announce details of its reimbursement process by the end of the week.
JUNE 29, 2020
" for latest information client free news letter "