Decentralized Finance (DeFi) faced another significant challenge. On November 3, 2025, the veteran liquidity protocol Balancer (BAL) experienced a major security vulnerability. Hackers stole over $116 million in assets within hours. The event prompted immediate concern within the on-chain community and ranks among the largest and most significant hacks in DeFi history.
On-chain analytics show the attacker targeted the Vault component of Balancer V2’s smart contract, exploiting insufficient authorization checks and callback-related vulnerabilities to manipulate liquidity pools and transfer assets without authorization. This breach did not result from a leaked private key, but rather a fundamental logic flaw in the smart contract itself.

(Source: lookonchain)
As of now, Lookonchain’s wallet monitoring confirms that hackers have stolen over $116 million, with assets spanning major chains including Ethereum Mainnet, Arbitrum, Base, Sonic, Optimism, and Polygon. The stolen funds primarily include various liquid staking tokens (LSTs) such as rETH, frxETH, osETH, and rsETH—demonstrating a strong understanding of cross-chain DeFi asset structures.
Security researchers found that the attacker deployed malicious contracts during liquidity pool initialization, exploiting weak Vault authorization checks and abnormal state updates to bypass safeguards. This enabled unauthorized swaps across pools or manipulation of pool balances, allowing the attacker to quickly move assets.
Audit firm Kebabsec and several developers confirmed that the incident’s root cause was not authorization errors, but transaction state changes prior to withdrawal—enabling malicious exploitation during asset settlement.
As the hack unfolded, several protocols deeply integrated with Balancer acted swiftly to protect themselves:
Berachain’s founder, Smokey The Bera, stated the team is collaborating with multiple centralized exchanges to blacklist the attacker’s wallet, while halting bridging, lending, and HONEY minting functions to protect liquidity providers’ capital.

(Source: lookonchain)
One dormant wallet (0x0090) became a focal point during the incident. Lookonchain’s analysis revealed this whale sprang to life after news of the Balancer exploit broke, urgently withdrawing over $6.5 million in assets. This move illustrates market volatility and highlights DeFi investors’ heightened awareness of security threats.
On-chain analysts discovered the attacker is using Cow Protocol and multiple DEX platforms to gradually swap stolen LST assets into major tokens like ETH and USDC. For instance, 10 osETH was converted into 10.55 ETH, demonstrating the use of laundering and mixing techniques to complicate tracking efforts.
As of this writing, there is no sign the stolen funds can be recovered. Security teams are blacklisting wallet addresses and conducting ongoing on-chain surveillance to contain the threat.
Balancer users and DeFi investors should take the following steps:
The Balancer exploit once again exposes the vulnerability of smart contract security. While decentralization and self-custody lie at DeFi’s core, they also place full responsibility on users and developers. Going forward, balancing innovation and security will be critical to the future of decentralized finance. This incident may have lasting effects on Balancer, but it could also serve as a catalyst for upgrading DeFi’s security infrastructure.