
Hackers Convert Balancer's $128M Stolen Assets to Ethereum as Recovery Efforts Intensify

Decentralized exchange Balancer has fallen victim to one of 2025's most damaging crypto hacks, with attackers draining approximately $128 million across seven blockchain networks in an exploit that escaped detection through years of security audits and sent shockwaves through the DeFi ecosystem.

The breach, which began in the early hours of November 3, initially appeared to involve around $70 million in losses, according to blockchain analytics firm Nansen. Within hours, however, security researchers at PeckShield revealed the true scale of the attack: $128.64 million stolen across Ethereum, Berachain, Arbitrum, Base, Sonic, Optimism and Polygon networks.

The attackers moved swiftly, transferring 6,587 WETH worth $24.46 million, 6,851 osETH valued at $26.86 million, and 4,260 wstETH worth $19.27 million to newly created wallets before beginning to convert the stolen liquid staking derivatives into ETH. Blockchain analytics platform Lookonchain reported that the hacker immediately started swapping stolen assets for ETH, raising concerns that the funds would be laundered through decentralized mixers or cross-chain bridges.

Technical Breakdown: How the Attack Unfolded

According to early analyses from security researchers, the exploit targeted Balancer's V2 Composable Stable Pools and, specifically, the access check in the protocol's "manageUserBalance" function, the Vault entry point through which users deposit, withdraw and transfer the internal balances the Vault keeps on their behalf. A faulty authorization check reportedly allowed the attacker to execute unauthorized withdrawals of those internal balances. Root-cause attribution at the time of writing was preliminary and subject to revision as the post-mortem progressed.

On-chain analyst Adi explained on X that "improper authorization and callback handling allowed the attacker to bypass safeguards, enabling unauthorized swaps or balance manipulations across interconnected pools." The protocol's composable design, where multiple pools interact heavily with shared liquidity, amplified the vulnerability and allowed hackers to drain assets rapidly across multiple chains within minutes.
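As an added illustration of the bug class described above (this is constructed example code, not Balancer's code, and it does not reproduce the actual exploit), the following Python model shows a batched "manage user balance" entry point in two forms: a vulnerable vault that applies the caller-supplied sender field without authenticating the caller, and a hardened vault that first checks that the caller is the sender or a relayer the sender has approved. All names, accounts, assets and amounts are invented.

```python
"""Toy model of a DeFi vault's batched 'manage user balance' entry point.

Constructed illustration of a missing authorization check on the `sender`
field of batched internal-balance operations. It is NOT Balancer's code and
does not reproduce the real exploit; every name and amount here is invented.
"""
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    DEPOSIT = "deposit"    # tokens move from sender's wallet into internal balance
    WITHDRAW = "withdraw"  # internal balance moves out to recipient's wallet
    TRANSFER = "transfer"  # internal balance moves from sender to recipient


@dataclass(frozen=True)
class UserBalanceOp:
    kind: Kind
    asset: str
    amount: int
    sender: str     # account whose balance is debited; this field is caller-controlled
    recipient: str  # account that is credited


class Unauthorized(Exception):
    pass


class InsufficientBalance(Exception):
    pass


class Vault:
    """Hardened form: every op's sender is authenticated against the caller."""

    def __init__(self):
        self.wallet = {}    # (account, asset) -> tokens held in the user's own wallet
        self.internal = {}  # (account, asset) -> tokens credited inside the vault
        self.relayers = set()  # (user, relayer) pairs the user has explicitly approved

    def _get(self, book, account, asset):
        return book.get((account, asset), 0)

    def _move(self, book, account, asset, delta):
        new = self._get(book, account, asset) + delta
        if new < 0:
            raise InsufficientBalance(f"{account} holds {new - delta} {asset}, needs {-delta}")
        book[(account, asset)] = new

    def approve_relayer(self, user, relayer):
        self.relayers.add((user, relayer))

    def _authenticate_for(self, caller, user):
        """Caller may only act for `user` if it is `user` or a relayer `user` approved."""
        if caller != user and (user, caller) not in self.relayers:
            raise Unauthorized(f"{caller} may not act for {user}")

    def manage_user_balance(self, caller, ops):
        for op in ops:
            self._authenticate_for(caller, op.sender)  # the check that must not be skipped
            self._apply(op)

    def _apply(self, op):
        if op.kind is Kind.DEPOSIT:
            self._move(self.wallet, op.sender, op.asset, -op.amount)
            self._move(self.internal, op.recipient, op.asset, op.amount)
        elif op.kind is Kind.WITHDRAW:
            self._move(self.internal, op.sender, op.asset, -op.amount)
            self._move(self.wallet, op.recipient, op.asset, op.amount)
        elif op.kind is Kind.TRANSFER:
            self._move(self.internal, op.sender, op.asset, -op.amount)
            self._move(self.internal, op.recipient, op.asset, op.amount)


class VulnerableVault(Vault):
    """Same accounting, but trusts the caller-supplied `sender` without checking it."""

    def manage_user_balance(self, caller, ops):
        for op in ops:
            self._apply(op)  # no _authenticate_for(caller, op.sender)


def drain_scenario(vault_cls):
    """Victim deposits 100 WETH into its internal balance; the attacker then submits a
    WITHDRAW op naming the victim as sender and itself as recipient.
    Returns (attacker_wallet_weth, victim_internal_weth, attempt_was_blocked)."""
    v = vault_cls()
    v.wallet[("victim", "WETH")] = 100  # constructed starting balance
    v.manage_user_balance("victim", [UserBalanceOp(Kind.DEPOSIT, "WETH", 100, "victim", "victim")])
    theft = [UserBalanceOp(Kind.WITHDRAW, "WETH", 100, sender="victim", recipient="attacker")]
    try:
        v.manage_user_balance("attacker", theft)
        blocked = False
    except Unauthorized:
        blocked = True
    return (v._get(v.wallet, "attacker", "WETH"), v._get(v.internal, "victim", "WETH"), blocked)


if __name__ == "__main__":
    print("vulnerable:", drain_scenario(VulnerableVault))  # attacker gets 100, victim left with 0
    print("hardened:  ", drain_scenario(Vault))            # attacker gets 0, victim keeps 100
```

The point of the model is that authorization must be evaluated per operation against the caller, not inferred from data the caller supplies; any batched entry point that lets a caller name an arbitrary sender needs the equivalent of the `_authenticate_for` check (or an approved-relayer allowlist) before touching that account's balance.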

Ethereum bore the brunt of the losses, with approximately $99 million stolen from the network. Berachain followed with $12.86 million in losses, prompting its validators to halt the network and execute an emergency hard fork to recover user funds. Arbitrum lost $6.86 million, Base $3.9 million, Sonic $3.44 million, Optimism $1.58 million, and Polygon $232,000.

StakeWise Mounts Rapid Recovery Effort

In a rare success story amid the chaos, Ethereum liquid staking protocol StakeWise announced it had recovered substantial portions of the stolen funds. Using emergency multisig transactions, the StakeWise DAO successfully reclaimed 5,041 osETH worth approximately $19 million and 13,495 osGNO valued at $1.7 million from the exploiter's wallet.

The recovery represented 73.5% of the stolen osETH and 100% of the osGNO tokens taken in the attack. StakeWise confirmed that recovered funds would be returned to affected users on a pro-rata basis according to their pre-exploit balances. The remaining 26.5% of stolen osETH, worth an estimated $7 million, was already converted to ETH by the attacker and could not be retrieved.

StakeWise emphasized in a statement that its core smart contracts and the osETH token remained safe, as the vulnerability existed solely within Balancer's infrastructure. The successful recovery slightly eased market fears that massive quantities of ETH would flood the market, potentially stabilizing the token's short-term price outlook.

Audit Paradox: How 11 Reviews Missed Critical Flaw

Perhaps most troubling about the Balancer exploit is that it occurred despite extensive security precautions. Balancer's smart contracts underwent 11 comprehensive audits by four leading security firms — OpenZeppelin, Trail of Bits, Certora, and ABDK — with the most recent stable pool audit conducted by Trail of Bits in September 2022.

Suhail Kakar, a prominent Web3 developer, noted that even with Balancer's core vault contract reviewed by multiple independent firms, the protocol still suffered a major breach. The incident has reignited debate within the crypto community about whether traditional audit models adequately address the evolving threat landscape in DeFi.

Blockchain forensics firms report that losses from DeFi protocol hacks in 2025 have already surpassed $1 billion, with access control errors accounting for nearly 40% of incidents. The Balancer case suggests that point-in-time code reviews, even when repeated, can miss subtle vulnerabilities in complex, interconnected DeFi systems whose pools and vaults interact in ways no single audit scope covers.

Market Impact and Community Response

Balancer's total value locked plummeted 46% from approximately $770 million to $422 million as panicked users withdrew funds. The protocol's native BAL governance token dropped over 8% within 24 hours to around $0.91, though some sources report a more modest 5% decline.

Ethereum's price also felt the impact, with ETH trading at $3,629-$3,714 on November 4, down 4-8% from pre-exploit levels. The sell-off reflected broader market uncertainty about DeFi security vulnerabilities and the potential for additional exploits across interconnected protocols.

Balancer acknowledged the incident in a statement posted on X, confirming awareness of "a potential exploit impacting Balancer v2 pools." The team emphasized that its engineering and security teams were investigating with high priority and would share verified updates as information became available.

In an attempt to recover the stolen funds, Balancer offered a 20% white-hat bounty — approximately $25.6 million — for the return of assets within 48 hours. The team warned in an on-chain message that "our partners have a high degree of confidence you will be identified from access-log metadata collected by our infrastructure," referencing IP addresses and timestamps allegedly linked to the hacker's transactions.

History Repeats: Balancer's Troubled Security Record

This marks Balancer's largest security breach to date, but far from its first. The protocol has experienced at least six major security incidents since its launch in 2020, averaging approximately one significant breach per year.

In June 2020, Balancer lost $500,000 in a flash loan attack that exploited how the protocol handled deflationary tokens like Statera (STA). In March 2023, Balancer was indirectly affected by the Euler Finance hack, with the protocol's bbeUSD pool losing $11.9 million. In August 2023, hackers drained approximately $2.1 million from V2 boosted pools through a precision vulnerability, just one week after Balancer had disclosed a "critical vulnerability" in those same pools.

The following month, in September 2023, a DNS hijacking attack redirected users from Balancer's legitimate frontend to a phishing site, resulting in $238,000 in losses.

Broader Implications for DeFi Security

The Balancer incident arrives at a critical moment for decentralized finance. Chainalysis reports that more than $2 billion in cryptocurrency was stolen across the wider crypto industry in the first half of 2025 alone, with North Korean state-sponsored groups responsible for an estimated $1.65 billion of that total.

The attack has prompted renewed discussion about the fundamental security challenges facing DeFi protocols. Unlike centralized exchanges that can reverse fraudulent transactions or freeze accounts, decentralized platforms operate on immutable smart contracts that, once deployed, cannot be easily modified to patch vulnerabilities.

Several blockchain networks took unprecedented action in response to the exploit. Berachain validators halted their network to perform emergency updates. Polygon validators censored hacker transactions. Sonic introduced functionality to freeze and zero out the hacker's account. These interventions sparked debate within the crypto community about the tension between decentralization principles and practical security needs.

Prominent crypto commentator Haseeb observed on X that "smaller ecosystems should prioritize safety and community protection over 'code is law'" — a reference to the crypto industry's traditional ethos that smart contract outcomes should be final and irreversible, even when they result from exploits.

Final thoughts

For Balancer, this breach represents a critical inflection point. The protocol had weathered previous storms and maintained its position as one of DeFi's established players; its total value locked had fallen further, to approximately $355 million, by November 4. The platform continues to process significant trading volume, handling around $2.81 billion monthly and generating approximately $10.7 million in annual revenue.

However, rebuilding user trust after a $128 million exploit will require more than technical fixes. The crypto community increasingly demands transparency, rapid communication during crises, and concrete evidence that security vulnerabilities have been comprehensively addressed.

Industry observers expect the Balancer incident to accelerate regulatory scrutiny of DeFi protocols, particularly in the United States where authorities are developing new frameworks for decentralized finance oversight. The fact that extensive auditing proved insufficient to prevent this breach may prompt regulators to require additional safeguards, insurance mechanisms, or liability structures for DeFi platforms.

For now, Balancer users face difficult decisions about whether to maintain their positions or withdraw to safer alternatives. Security researchers continue investigating the full scope of the vulnerability, while blockchain forensics teams work with law enforcement to track the stolen funds. Whether the hacker will accept Balancer's white-hat bounty offer or successfully launder the funds through mixers and cross-chain bridges remains to be seen.

What's certain is that this exploit has added another cautionary chapter to DeFi's turbulent history, reminding both developers and users that in crypto's cutting-edge financial systems, security must evolve as rapidly as the technology itself.

Disclaimer: The information provided in this article is for educational purposes only and should not be considered financial or legal advice. Always conduct your own research or consult a professional when dealing with cryptocurrency assets.