Balancer DeFi protocol suffers $128m hack

Balancer hacked; losses top $128m.

Unknown attackers breached the decentralised protocol Balancer. According to the latest data, at least $128m was drained.

Update: @Balancer and its forks are under attack, with total losses across multiple chains reaching ~$128.64M so far. https://t.co/67XGX5RcRR pic.twitter.com/FIwx20ALSz

— PeckShieldAlert (@PeckShieldAlert) November 3, 2025

Nansen analysts were among the first to flag suspicious transfers of WETH, osETH and wstETH to a fresh wallet.

.@Balancer potentially exploited.

$70.9M moved to a fresh wallet. Tokens moved:
— 6.85K $OSETH
— 6.59K $WETH
— 4.26K $wSTETH pic.twitter.com/kk1hnjmcIW

— Nansen 🧭 (@nansen_ai) November 3, 2025

The attack ran for several hours.

Mikko Ohtamaa, co-founder and CEO of Trading Strategy, suggested a faulty smart-contract check was to blame. He added that concurrent transactions were altering internal balance accounting.

An OG Ethereum DEX Balancer got rekt for ~$70M.

GM.

Root cause (kudos to Defimon Signals) was a faulty check.

Still not clear what Balancer versions are affected, but not all of them. https://t.co/eVfRugvZlO pic.twitter.com/Ao6CkU0BFk

— Mikko Ohtamaa (@moo9000) November 3, 2025

“Independent security experts have yet to determine exactly how these manipulations were carried out,” the specialist noted.

According to Cyvers, the hacker began laundering funds via Tornado Cash. Analysts at Lookonchain later noted that the attacker started swapping the stolen funds for Ethereum.

Amid the attack, the project’s native token — BAL — fell by more than 11%. At the time of writing it trades at $0.8.

An influencer using the pseudonym Adi said the hackers exploited a vulnerability in Balancer V2 pools. They deployed a malicious contract that tricked the system when new liquidity pools were created.

Here’s everything you need to know about the Balancer Hack:

1. The attack targeted Balancer’s V2 vaults and liquidity pools, exploiting a vulnerability in smart contract interactions. Preliminary analysis from on-chain investigators points to a maliciously deployed contract that… pic.twitter.com/udAM4hB0OD

— Adi (@AdiFlips) November 3, 2025

“A faulty access-control check allowed the safeguards to be bypassed. That made it possible to move funds between linked pools without authorisation and siphon them off in minutes,” he said.

The expert said the attack began with a transaction on Ethereum. The problem was exacerbated by Balancer’s complex architecture, where pools interact heavily with each other.

The project team commented on the incident, acknowledging the breach.

“Our engineers and security specialists are investigating as a priority. We will share verified information and next steps immediately, as soon as we have additional data,” Balancer representatives wrote.

Whales safeguard capital

In response to the incident, dormant whales using the protocol stirred. One withdrew $6.5m from the platform.

A whale 0x0090, dormant for 3 years, just woke up after the #Balancer exploit — rushing to withdraw all $6.5M from the #Balancer.

If you still have funds on #Balancer, ⚠️ take action and secure them now.https://t.co/ocNGGobPEd pic.twitter.com/nnR5td0DmZ

— Lookonchain (@lookonchain) November 3, 2025

In less than a day, Balancer’s TVL halved — from $441m on 2 November to $270m now.

Impact

Berachain validators coordinated to halt the network so the core team could perform an emergency hard fork to return funds to users affected by the Balancer hack.

The Berachain validators have coordinated to purposefully halt the Berachain network as the core team performs an emergency hard fork to address Balancer V2 related exploits on the BEX.

This halt has been executed purposefully, and the network will be operational shortly upon…

— Berachain Foundation 🐻⛓ (@berachain) November 3, 2025

Developers said the ENA/HONEY pool was affected.

Berachain’s head of ecosystem, Smokey The Bera, called the decision controversial but necessary. He stressed that the damage was about $12m.

In August 2023, Balancer developers reported a critical vulnerability that affected a number of pools in the second version of the DeFi platform.