The hacker who attacked Balancer transferred frozen assets worth about $3 million through Permit authorization.

According to Jinse Finance, GoPlus monitoring reported that the hacker who attacked Balancer successfully used the permit() authorization mechanism to transfer 195 stS tokens (worth about $3 million) from the SonicLabs frozen address 0xf19…fae2 to a new address 0x0e9c…44D5, and then exchanged them for WBTC and ETH. This maneuver bypassed the asset freezing measures on the original address.