The DeFi platform Balancer (BAL) disclosed a vulnerability affecting several of its pools in a statement published on Aug. 22.

In that post, Balancer Labs said that the vulnerability in question had not been exploited and said that 80% of the issue had been mitigated. However, the project acknowledged that a small amount of funds — amounting to about 4% of its total value locked (TVL) — are still at risk.

Data from DefiLlama says that Balancer currently has a TVL of $691 million, meaning that roughly $27 million is at risk.

In response to the issue, Balancer’s Emergency SubDAO enabled proportional exit from affected pools and paused certain pools. Balancer urged users to migrate funds to safe pools or withdraw their funds; it also urged liquidity providers to exit at-risk pools.

Balancer has seen significant withdrawals following its announcement. Roughly $149 million has been withdrawn from Balancer’s TVL over the past several hours, though it is unclear whether those funds were removed from the at-risk pools.

The project has not yet published a full post-mortem of the vulnerability, nor has it revealed the source from which the first report originated.

DeFi platforms at risk of exploits

Balancer has been hacked or put at risk in other incidents. One attacker stole more than $500,000 by targeting Balancer in 2021, according to Peckshield.

One Balancer pool was also affected by broader attacks on Euler Finance in March 2023, at which time Balancer paused affected assets and pools; though $11.9 million of funds were affected, it is unclear if this amount was ultimately lost. Balancer also disclosed an exploit and advised certain liquidity providers to exit pools in January 2023.

DeFi platforms overall have seen millions of dollars worth of theft this year. One recent analysis suggests that $77 billion has been stolen in 2023 to date.