DeFi platform Balancer to reimburse $500k in hack losses; community threatens legal action
It’s been a difficult 48 hours for DeFi project Balancer.
Riding on the DeFi yield farming hyper, Balancer saw an influx of pool funds locked in its protocol, which in turn, attracted the bane of any technology project — the attention of hackers and loophole opportunists.
Attackers stole over $500,000 in wrapped Ether, Chainlink, and other alts early on June 29. The saga ended on June 30 with a bug bounty reward, legal threats, and reimbursement of all liquidity pools affected in the attack.
All losses to be reimbursed
Balancer Labs tweeted Tuesday that all liquidity pools affected in the $500k hack would be fully reimbursed. The firm said a community vote was taken in the regard, with the majority in favor of the decision:
After thorough discussions with the community, the Balancer Labs team decided that it will fully reimburse all the liquidity providers who lost funds in the attack of yesterday. We will also pay out the highest bug bounty available for @Hex_Capital
More details on the…
— Balancer Labs (@BalancerLabs) June 29, 2020
Hex Capital, an algo-trading account created by one Ankur Agrawal, would be paid out the “highest” bug bounty for having earlier addressed the security lapses around listing Statera (STA) — the token which caused the vulnerability in the first place.
In a post, Balancer CEO Fernando Martinelli said the platform experience an unprecedented surge in both users and liquidity last week, leaving developers to play “catch up” on scaling the platform.
Twitter commentators said Balancer was, perhaps, setting a “dangerous” precedent for future DeFi projects and security lapses. However, others believe the sector is undergoing teething issues and developers could take this as a “learning” experience.
However, Martinelli was forthcoming in this regard. He said Balancer Labs will only reimburse the losses of liquidity providers in the attack as the team had already received a specific bug bounty report prior to the hack.
Security audits and legal action
Statera, on its part, tweeted it was working with Balancer and actively collaborating on solutions. The firm added it would be reimbursing STA to all liquidity providers affected by the hack, while Balancer will reimburse the four other tokens.
In working with Balancer we are actively collaborating on solutions.We will be reimbursing STA to all liquidity providers affected by the hack. Balancer will be reimbursing the other fourtokens. Innovation is never a straight line,but it must continue! @BalancerLabs #defi #crypto
— Statera (@StateraProject) June 29, 2020
Meanwhile, Dr. Julian Hosp of CakeDeFi claimed Balancer was audited twice previously:
“$BAL was audited twice. The problem here is neither the auditor nor Balancer Labs. it is the turing-complete game. Turing complete is amazing for trying out things and pushing the boundaries. It is terrible at providing guarantees.”
Before Balancer’s statements, some community members called for lawsuits against the firm and its developers hours after the hack came to light. The posts have since been deleted.