NEWS Hacked Like in the Movies. Hacker Stole $120 Million from Balancer Using a Rounding Error from the Film 'Office Space'

ExcalibuR

The team acknowledged a rounding error in batch swaps.

At the beginning of the week, a critical vulnerability was discovered and immediately exploited in the decentralized protocol Balancer. Estimates suggest the attacker managed to withdraw cryptocurrencies worth approximately $120 million, possibly more. Initially, it was unclear how exactly the attack was carried out. Now, the Balancer team has published a preliminary analysis, tracing the root cause to how the protocol handled token balance operations and rounding.

The incident greatly surprised the DeFi market. Balancer is considered a mature project. It has been audited multiple times by renowned firms. Furthermore, the exploited version of the protocol has been operational since 2021 and wasn't considered problematic.

Former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, compared this attack to the scheme from the movie Office Space during a CNBC interview: there, too, the idea is to skim a tiny fraction of a cent from a huge number of transactions. Krebs also speculated that artificial intelligence might have been used to prepare the exploit, calling it another interesting detail of the story.

Simplifying the technical part, the core of the problem was a rounding error in Balancer's code, specifically in its so-called batch swaps. A batch swap bundles multiple token swaps into a single transaction, which saves on gas fees when interacting with smart contracts. In one variant of such a swap, the EXACT_OUT mode, the protocol scales amounts up to calculate the final figures more precisely; in some cases the result was rounded down, leaving microscopic discrepancies in the balances. By repeating the operation many times and deliberately manipulating the state of the pool, those discrepancies could be accumulated in the attacker's favor. This is precisely what the attack did, which makes the Office Space comparison apt. Additional techniques were involved, but the rounding error was the window that enabled the hack.
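To make the mechanism above concrete from a defender's point of view, here is an added toy model (written for this post, not Balancer's code and not a reproduction of the exploit): a constant-product pool that keeps 18-decimal internal balances for a 6-decimal token, quotes an exact-out swap, and scales the result back down. Rounding down at either step lets the product of the reserves, the pool's invariant, shrink by a few units per swap; rounding every user-paid amount up keeps the invariant from ever decreasing. The `simulate` helper and all numbers are constructed for illustration, and the invariant check is the kind of post-swap assertion a protocol would want to enforce.

```python
# Toy model of rounding direction in an exact-out swap (assumption: simplified
# constant-product pool, not Balancer's contract logic).

SCALE = 10**12  # 6-decimal token amounts are upscaled to 18 decimals internally


def div_round(num: int, den: int, round_up: bool) -> int:
    """Integer division rounded up or down; EVM code uses the same two primitives."""
    return -(-num // den) if round_up else num // den


class ToyPool:
    def __init__(self, x_native: int, y_native: int, round_up: bool):
        # Balances are stored at 18 decimals, like many DeFi protocols do.
        self.x = x_native * SCALE
        self.y = y_native * SCALE
        self.round_up = round_up  # True: round against the user; False: round down

    def invariant(self) -> int:
        """Constant-product invariant; must never decrease from swaps alone."""
        return self.x * self.y

    def swap_exact_out(self, amount_out_native: int) -> int:
        """User asks for exactly amount_out of Y; returns how much X they must pay."""
        dy = amount_out_native * SCALE
        # Exact-out price: dx = x * dy / (y - dy), computed on upscaled values.
        dx_internal = div_round(self.x * dy, self.y - dy, self.round_up)
        # Scale back down to the token's native 6 decimals; this is the second
        # place where a rounding direction has to be chosen.
        dx_native = div_round(dx_internal, SCALE, self.round_up)
        self.x += dx_native * SCALE
        self.y -= dy
        return dx_native


def invariant_holds(pool: ToyPool, k_before: int) -> bool:
    """Post-swap check: the invariant must not have shrunk."""
    return pool.invariant() >= k_before


def simulate(x_native: int, y_native: int, amount_out: int, n: int, round_up: bool) -> int:
    """Run n identical exact-out swaps and return the net change in the invariant."""
    pool = ToyPool(x_native, y_native, round_up)
    k0 = pool.invariant()
    for _ in range(n):
        pool.swap_exact_out(amount_out)
    return pool.invariant() - k0


if __name__ == "__main__":
    # Constructed example: a 1000/1000 pool, user withdraws 1 unit of Y each time.
    for round_up in (False, True):
        pool = ToyPool(1000, 1000, round_up)
        k0 = pool.invariant()
        paid = pool.swap_exact_out(1)
        print(f"round_up={round_up}: user pays {paid}, invariant ok: {invariant_holds(pool, k0)}")
    print("drift after 50 round-down swaps:", simulate(1000, 1000, 1, 50, False))
    print("drift after 50 round-up swaps:  ", simulate(1000, 1000, 1, 50, True))
```

The single-unit difference in what the user pays looks harmless in one swap; the point is that with round-down the invariant drifts negative on every iteration, so an `invariant_holds`-style assertion after each swap (or an equivalent monitor comparing on-chain reserves against the expected product over time) is what surfaces the problem before it is repeated thousands of times.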

A separate part of the story concerns how the blockchains responded. Some networks stopped the hacker from withdrawing all of the stolen funds by simply freezing the assets. This runs counter to the idea that smart contracts operate autonomously and that "code is law". In practice, however, many networks and protocols are still managed in a sufficiently centralized way to intervene, much like traditional fintech services.

According to Unchained, the Polygon and Sonic networks blocked some of the assets linked to the Balancer attack to prevent them from moving further. The Berachain network went even further and released an emergency hard fork, which was needed for affected users to recover their funds.

All of this is reminiscent of The DAO incident from almost a decade ago, when Ethereum developers likewise had to intervene in the network's operation after a major hack. It is now evident that the industry is still looking for a balance. On one hand, there is a desire to give users full control over their money; on the other, without manual intervention in such attacks, recovering funds is nearly impossible. This leads some observers to feel that the proclaimed decentralization sometimes remains a beautiful facade, especially when recalling the recent Amazon Web Services outages, which also highlighted the crypto infrastructure's dependence on centralized services.