Balancer Protocol hack: what happened?


by Charles Thuo for Invezz

Balancer, one of Ethereum’s most established automated market makers, has suffered what appears to be its largest-ever exploit.

More than $100 million in digital assets were drained from its vaults in a sophisticated attack that has sent shockwaves through the crypto ecosystem.

Millions drained from Balancer vaults

On November 3, 2025, blockchain security firms began sounding the alarm after on-chain data showed massive outflows from Balancer’s main vault contract.

According to PeckShield, over $128 million worth of assets — including osETH, WETH, and wstETH — were withdrawn from Balancer’s “0xBA1…BF2C8” address.

The stolen assets were quickly moved to external wallets, with one main wallet consolidating tens of millions of dollars across multiple chains.

Balancer soon confirmed awareness of a “potential exploit impacting Balancer V2 pools,” stating that its engineering and security teams were investigating with urgency.

The exploit affected Balancer’s version 2 vaults, which hold all tokens from every Balancer pool in a central contract rather than in separate pool contracts.

This design, introduced to simplify pool creation and management, now appears to have created a single point of vulnerability that attackers exploited.

How the exploit worked

Early analysis by security firms Decurity and PeckShield points to a faulty access control in Balancer’s manageUserBalance function.

The bug originated from the validateUserBalanceOp check, which incorrectly compared msg.sender with a user-supplied op.sender.

This logical flaw allowed attackers to trigger unauthorised internal withdrawals using the UserBalanceOpKind.WITHDRAW_INTERNAL operation — effectively enabling them to drain funds from Balancer’s core vault without permission.
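The access-control principle behind that early analysis, as an added Python model that is not part of the original article and is not Balancer's code: an operation's `sender` field is only a claim, so every operation must be bound to the authenticated caller (or a relayer that the account approved) before any balance changes. `ToyVault`, `UserBalanceOp`, `OpKind` and the relayer map are hypothetical names used for illustration.

```python
from dataclasses import dataclass
from enum import Enum, auto


class OpKind(Enum):
    DEPOSIT_INTERNAL = auto()
    WITHDRAW_INTERNAL = auto()


@dataclass(frozen=True)
class UserBalanceOp:
    kind: OpKind
    sender: str      # caller-supplied: account whose internal balance is debited
    recipient: str   # caller-supplied: account that is credited or paid
    amount: int


class Unauthorized(Exception):
    pass


class ToyVault:
    """Hypothetical, simplified vault with internal balances; not Balancer's code."""

    def __init__(self, balances, approved_relayers=None):
        self.internal = dict(balances)           # account -> internal balance
        self.paid_out = {}                       # account -> tokens sent out of the vault
        self.approved = approved_relayers or {}  # owner -> relayers that owner approved

    def _authorize(self, caller, op):
        # op.sender is only a claim; bind it to the authenticated caller.
        if caller != op.sender and caller not in self.approved.get(op.sender, set()):
            raise Unauthorized(f"{caller} may not act for {op.sender}")

    def manage_user_balance(self, caller, ops):
        internal, paid = dict(self.internal), dict(self.paid_out)  # work on copies
        for op in ops:
            self._authorize(caller, op)
            if op.amount < 0:
                raise ValueError("negative amount")
            if op.kind is OpKind.WITHDRAW_INTERNAL:
                if internal.get(op.sender, 0) < op.amount:
                    raise ValueError("insufficient internal balance")
                internal[op.sender] = internal.get(op.sender, 0) - op.amount
                paid[op.recipient] = paid.get(op.recipient, 0) + op.amount
            else:  # DEPOSIT_INTERNAL: credit the recipient's internal balance
                internal[op.recipient] = internal.get(op.recipient, 0) + op.amount
        self.internal, self.paid_out = internal, paid  # commit only if every op passed
```

Because the batch runs on copies and commits only at the end, one unauthorised operation anywhere in the list leaves every balance untouched.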

BlockSec Phalcon later provided a deeper look at the mechanics behind the exploit.

The firm described it as a highly sophisticated attack that manipulated the invariant used to calculate Balancer Pool Token (BPT) prices.

On Arbitrum, for instance, the attacker executed a series of swaps that distorted the pool’s price calculation by exploiting rounding errors.

By deflating the BPT price, the attacker was able to profit from a batch swap and then restore balance, pocketing millions in the process.

Impact of the hack spreads across chains and forks

The Balancer attack wasn’t limited to Ethereum.

Analysts observed coordinated outflows across several chains, including Sonic, Polygon, and Base.

Forked projects that rely on Balancer’s infrastructure were also hit. Beets Finance, one such fork, confirmed losses of around $3 million.

Cyvers Alerts reported that one of the attacker’s wallets had been funded through Tornado Cash before the exploit began.

The address subsequently received more than $84 million across multiple chains, raising serious concerns about potential laundering through decentralised mixers and cross-chain bridges.

In the midst of the chaos, a whale wallet that had been inactive for over three years withdrew $6.5 million from Balancer, seemingly out of fear that the situation could worsen.

The third major hack for Balancer

This latest exploit marks Balancer’s third major breach since 2020.

The first involved deflationary tokens and cost about $500,000, while the second in 2023 targeted its “boosted pools,” resulting in nearly $900,000 in losses.

This time, the scale is exponentially larger — making it one of the most damaging DeFi attacks of 2025.

Balancer’s native BAL token reacted sharply to the news, dropping more than 10% intraday and over 15% from its weekly high.

Balancer (BAL) token price chart | Source: Coingecko

With more than $750 million in total value locked before the attack, the incident raises renewed concerns about the risks of complex smart contract systems and the fragility of interconnected DeFi infrastructure.

Investigation ongoing

As of now, Balancer’s team has not released a detailed postmortem, though investigations are ongoing across multiple security firms.

The attacker’s wallet remains active, and none of the stolen funds have been recovered.

Analysts warn that if similar vulnerabilities exist in Balancer forks or integrated protocols, more losses could follow.

The post Balancer Protocol hack: what happened? appeared first on Invezz
