Balancer hackers used the Permit authorization to transfer 195 frozen STS tokens to a new address.

The GoPlus Chinese community posted on the X platform that Balancer hackers used the Permit authorization to pull off a successful escape. This morning, the Balancer attackers, through the permit() authorization, transferred 195 stS tokens (worth approximately $3 million) frozen in the Sonic address 0xf19…fae2 to a new address: 0x0e9c…44D5, and exchanged them for WBTC/ETH. The reason for the freeze's failure: The freeze occurred at the native chain level, affecting only the S token and not other ERC20 tokens (such as stS in this case). stS has a permit() method, and the off-chain signature for permit() does not require the frozen address to pay S, thus rendering the freeze ineffective.