Berachain Executes Emergency Hard Fork Following $128 Million Balancer Breach

Berachain initiated a hard fork after Balancer's $128M breach to fix BEX vulnerability.

The Berachain Foundation team initiated an emergency hard fork following the breach of Balancer, which resulted in a $128 million loss. The network was halted to address a vulnerability in its native decentralized exchange known as BEX.

Bera core update:

The binary for the hard fork has been circulated and many of the validators have upgraded. Prior to going live and producing blocks once again, we’d like to ensure that core infrastructure partners necessary for chain operations (oracles for liquidations etc)…

— Berachain Foundation 🐻⛓ (@berachain) November 4, 2025

The vulnerability in BEX, a fork of Balancer V2, was part of a larger attack. On November 3, the breach affected DeFi protocol pools across Ethereum, Arbitrum, Base, and Polygon networks. Approximately $12 million was drained from the ENA/HONEY liquidity pair on BEX.

According to Nansen analysts, the incident was caused by a failure in the access control mechanism. This allowed the perpetrator to generate fake fees and withdraw them as real assets.

The hard fork will block the movement of stolen tokens beyond the network and prevent further attacks. Developers have already distributed the update to validators.

The network will resume operations once key infrastructure partners update their RPC servers. The team described this as the “main obstacle to resuming operations” in their statement.

Foundation representatives are negotiating with the MEV operator holding the withdrawn funds. The operator has expressed willingness to return the assets after the network relaunch, describing themselves as a “white hat hacker.”

Following the network’s restoration, the Berachain team promised to publish a report on security measures and future plans for BEX development.

11 Audits

According to GitHub, Balancer V2 smart contracts underwent 11 audits by four companies: OpenZeppelin, Trail of Bits, Certora, and ABDK. The last audit took place in September 2022.

“The [Balancer] vault was audited three times by different firms, yet it was still hacked. This industry needs to acknowledge that ‘audited by X’ means almost nothing. Code is complex, and DeFi is even more so,” wrote Suhail Kakar, Head of Developer Relations at blockchain project TAC.

balancer went through 10+ audits. the vault was audited 3 separate times by different firms

still got hacked for $110M

this space needs to accept that ‘audited by X’ means almost nothing. code is hard, defi is harder

it is unfortunate but hope the team recovers pic.twitter.com/nZzVzCdqDO

— Suhail Kakar (@SuhailKakar) November 3, 2025

The Balancer team offered the hacker a reward of 20% of the stolen amount. The condition is a full return of the funds within 48 hours. If refused, the protocol threatened to engage blockchain forensic experts and law enforcement.

Back in August 2023, Balancer developers reported a critical vulnerability affecting several pools of the second version of the DeFi platform.