Balancer has fallen victim to a significant security breach, resulting in the loss of nearly $1 million.
This incident unfolded on August 27, marking a troubling development shortly after the disclosure of a "critical vulnerability."
Earlier, on August 22, the Balancer team had taken preemptive measures by urging liquidity providers (LPs) using the exchange to withdraw funds from specific pools that were at risk due to the vulnerability.
In a recent statement, the Balancer team confirmed the hack and said it was aware of an exploit linked to the vulnerability.
The gravity of the situation is underscored by the fact that this breach took place less than a week after the initial vulnerability alert.
Meir Dolev, the founder and CTO of crypto security firm Cyvers, successfully identified the Ethereum address belonging to the hacker responsible.
This address has received three transfers of DAI stablecoin, collectively amounting to approximately $979,420 since the previous Sunday.
Notably, the most recent transfer occurred around 6:30 pm ET on Sunday.
This timing coincided with a tweet from Balancer about the ongoing exploit.
Dolev highlighted that the attacker is still carrying out their operations.
Blockchain security firm Beosin offered insights into the attack mechanism, revealing that it relied on "multiple flash loan attacks."
What is a Flash Loan Attack?
In these flash loan attacks, an attacker borrows a substantial sum of cryptocurrency from a DeFi platform.
This borrowed capital is then utilised to manipulate the pools susceptible to the vulnerability, ultimately draining funds from these pools.
The borrowed funds are repaid within the same transaction.
These attacks appeal to hackers due to the access they provide to uncollateralised funds, facilitating their manipulation of DeFi protocols.
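The borrow-and-repay-in-one-transaction pattern described above is also what a monitoring team can look for. The following is an added example, not code from Balancer, Cyvers or Beosin: a detection heuristic run over constructed token-transfer events. The event format, the address labels, the lender watchlist and the size threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data, not real on-chain records. Each tuple is one token
# transfer event: (tx_hash, token, sender, recipient, amount). All addresses
# are placeholder labels.
TRANSFERS = [
    ("0xtx1", "DAI", "lender", "actor_a", 5_000_000),  # loan issued
    ("0xtx1", "DAI", "actor_a", "pool_x", 5_000_000),  # capital pushed into a pool
    ("0xtx1", "DAI", "pool_x", "actor_a", 5_300_000),  # more comes back out
    ("0xtx1", "DAI", "actor_a", "lender", 5_004_500),  # principal plus fee repaid
    ("0xtx2", "DAI", "lender", "actor_b", 1_000_000),  # loan not repaid in this tx
    ("0xtx3", "DAI", "user_c", "pool_x", 20_000),      # ordinary deposit
]
KNOWN_LENDERS = {"lender"}  # assumed watchlist of flash-loan provider contracts

def find_flash_loans(transfers, lenders=KNOWN_LENDERS, min_amount=1_000_000):
    """Return one finding per (tx, token, lender, borrower) where at least
    min_amount is lent and fully repaid inside the same transaction."""
    by_tx = defaultdict(list)
    for tx, token, src, dst, amount in transfers:
        by_tx[tx].append((token, src, dst, amount))

    findings = []
    for tx, events in by_tx.items():
        moved = defaultdict(int)  # (token, src, dst) -> total sent in this tx
        net = defaultdict(int)    # (token, address) -> net balance change
        for token, src, dst, amount in events:
            moved[(token, src, dst)] += amount
            net[(token, src)] -= amount
            net[(token, dst)] += amount
        for (token, src, dst), borrowed in list(moved.items()):
            if src not in lenders or borrowed < min_amount:
                continue
            repaid = moved.get((token, dst, src), 0)
            if repaid < borrowed:
                continue  # not repaid atomically, so not a flash loan
            findings.append({
                "tx": tx, "token": token, "lender": src, "borrower": dst,
                "borrowed": borrowed, "repaid": repaid,
                "borrower_net": net[(token, dst)],
                # Third parties that ended the transaction with less than they held.
                "drained": {a: -v for (t, a), v in net.items()
                            if t == token and v < 0 and a not in (src, dst)},
            })
    return findings

if __name__ == "__main__":
    for finding in find_flash_loans(TRANSFERS):
        print(finding)
```

A flash loan on its own is not malicious; the signal worth alerting on is a flagged transaction in which a pool also ends with a net loss, as pool_x does in the sample.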
Flash loan-centered attacks pose a significant threat within the DeFi landscape.
The Euler Finance exploit alone led to losses of approximately $200 million back in March.
The sophisticated nature of these attacks often enables them to evade routine code audits, thereby enhancing their potential for exploitation.