Fernando Martinelli, the CEO, and Founder of Balancer Labs on June 30, 2020, responded to an incident where $500,000 worth of digital assets were lost saying the team would have done better and will now reimburse losses incurred by the affected liquidity providers.
Balancer Labs Reimbursement a Move in the Right Direction
Acknowledging that the exploit was partly because of their non-action, Balancer Labs has apologized to Ankur Agrawal (the bounty hunter who first noted the bug) and will pay him the maximum reward from their bounty program.
They will also start the third audit of their code and significantly raise bounty rewards depending on bug criticality.
Admittedly, the $500,000 loss was a massive blow for the ordinary yield farmer.
While it sent shock waves to the DeFi community, Fernando and the team’s move to calm the waters and reimburse the 0.36 percent of affected liquidity providers is a move in the right direction.
It is also a confidence boost for the space that desperately needs a pat on the back given the recent wave of attacks on open financial apps in the first half of 2020.
Sophisticated agents have taken it upon themselves to use their skills to launch devastating attacks, loop in anonymity tools to launder stolen assets, slowing down infrastructure developments.
On June 29, 2020, a skilled smart contract and DeFi programmer automated a complex smart contract on the Ethereum mainnet, borrowed a WETH flash loan, and wreaked havoc on two pools.
Specifically, the hacker identified a vulnerability on Balancer Labs’ automated market makers (AMM) before fast-tracking the process through an attack vector possible only via a deflationary token.
Balancer Labs: DeFi and Smart Contracts Bear Risks
Since the exploit has been demonstrated and is no longer “impractical,” Balancer Labs are covering their bases by first reimbursing users who lost their funds.
For clarity, they have stated that “reimbursement of the deflationary tokens that made the attack possible, STA and STONK, will be made by their respective teams.”
“Balancer Labs will only reimburse the losses of liquidity providers in this attack because we believe we could and should have done better in avoiding this, given the context of the bug bounty report we received before the attack.”
Fernando has made it clear that they are not setting precedence and won’t reimburse future losses on the protocol since there are inherent risks when a user must understand when using smart contracts and DeFi dApps.