Balancer makes last appeal to hacker behind $100M+ exploit

The Balancer Decentralized Autonomous Organization (DAO) issued an onchain notice to the wallet holder behind an exploit this week that resulted in more than $100 million in digital assets being stolen.

In a Friday X post, Balancer posted a copy of the message it sent to the individual or group responsible for the incident tied to the platform’s V2 Composable Stable Pools. The decentralized exchange offered them until Saturday to return the funds in exchange for an unspecified bounty, or it would use “technical, onchain, and legal measures” to pursue matters.

“We understand that affected users are awaiting further updates,” Balancer said of the exploit. “We will continue to provide information as the investigation progresses.”

The exploit, which Balancer reported to its users on Monday, resulted in more than $100 million worth of staked Ether (ETH) — including StakeWise Staked ETH (OSETH), Wrapped Ether (WETH) and Lido wstETH (wSTETH) — being moved to a newly created wallet. The hack drew attention to the audits of the exchange’s smart contracts after reports showed four security companies had reviewed them.

How did the exploit happen?

According to a post-mortem report on the exploit from Wednesday, the platform said hackers used a combination of BatchSwaps and the upscale rounding function that affects EXACT_OUT swaps to exploit its v2 Stable Pools and Composable Stable v5 pools.

Cointelegraph reached out to one of the auditors for comment, but had not received a response at the time of publication.

Related: FBI can’t be blamed for wiping hard drive with $345M BTC, say judges

Although the onchain message did not specify the amount of the bounty, Balancer’s team initially said that it would offer up to 20% of the stolen funds, which is more than $20 million. No one appeared to have accepted the onchain offer at the time of publication.