Balancer Suffers Massive Cross-Chain Exploit, Over $116M Drained in Latest DeFi Hack
Balancer has been hit by a major cross-chain exploit across Ethereum, Arbitrum and Base, exposing fresh DeFi security flaws.
Balancer, one of the longest-running decentralized finance (DeFi) platforms, has fallen victim to a massive exploit that drained over $116 million across multiple blockchains. The attack, which began with an estimated $70 million in stolen assets, expanded rapidly within an hour, turning into one of the largest DeFi breaches of 2025.
The exploit primarily targeted wrapped Ethereum (WETH) and other liquid staking tokens spread across Ethereum, Arbitrum, Base, and Optimism networks. According to blockchain data firm Lookonchain, the hacker moved 6,590 WETH, 6,851 osETH, and 4,260 wstETH into new wallets before beginning to split the assets across chains.
Security firm PeckShield confirmed the cross-chain nature of the attack. “The Balancer attack is still ongoing, with estimated losses across multiple blockchains reaching $88 million,” said PeckShield CEO Xuxian Jiang in a statement. The number quickly climbed as analysts continued tracking stolen funds.
The breach came after several months of relative calm in the DeFi space, during which most exploits targeted smaller or obscure protocols. Balancer’s size and long-standing presence make this incident particularly significant. Soon after the exploit, on-chain data showed that a dormant whale wallet, inactive for more than three years, withdrew its entire stake from Balancer, a move likely prompted by panic over security risks.
Following the incident, ETH traded at around $3,735.04, marking a decline amid wider market uncertainty. Ethereum remains one of the most targeted assets in DeFi attacks due to its liquidity and ease of movement between protocols.
Faulty Smart Contracts and Security Lapses
Preliminary investigations point to a smart contract flaw as the likely cause of the breach. Analysts identified vulnerabilities in Balancer’s “manageUserBalance” function, which may have allowed unauthorized minting and withdrawals. The exploit involved functions such as “approve infinite wstETH,” granting the attacker unchecked access to certain token interactions.
“The exploit may have originated from a faulty access check that let the attacker send commands to withdraw funds,” said Nicolai Søndergaard, a research analyst at Nansen. “From what I see, losses are now greater than $100 million and have affected Balancer V2 and various forks.”
The stolen funds reportedly included wrapped and staked Ethereum tokens from Balancer’s V2 vaults. Other impacted deployments included the protocol’s versions on Sonic, Polygon, and Base. Forked protocols such as Beets.fi and Berachain, which shared parts of Balancer’s codebase, also suffered losses due to the same vulnerabilities.
Security firms Decurity, HashDit, and Cyvers independently confirmed the on-chain exploit through transaction analysis. The attacker’s wallet, now holding multiple versions of wrapped ETH, has not yet unwrapped or traded the tokens. Experts warn that if the hacker begins to swap or liquidate the stolen funds, it could trigger liquidity issues and price volatility across the DeFi ecosystem.
In a post on X, Balancer said: “We’re aware of a potential exploit impacting Balancer V2 pools. Our engineering and security teams are investigating with high priority.” The team confirmed that only V2 pools were affected, while Balancer V3 appeared to remain intact. However, on-chain data showed that the attacker attempted to probe multiple vaults, raising questions about the extent of the breach.
Balancer V2 currently holds the majority of the platform’s trading volume, though V3 has been gaining traction with increased stablecoin liquidity. The decentralized exchange reported $26 billion in trading volume within 24 hours of the incident, according to CoinGecko. Despite the exploit, the protocol continues to operate, and developers are now collaborating with blockchain security experts to contain further damage.
Industry Reactions and Balancer’s Response
The attack reignited concerns about security in decentralized finance. DeFi platforms, which allow users to earn passive yields without intermediaries, have become attractive targets for hackers seeking to exploit vulnerabilities in smart contracts.
Balancer’s total value locked (TVL) dropped sharply after the exploit, falling from roughly $750 million before the attack to significantly lower levels, according to DeFiLlama data. The platform’s TVL had already declined from a peak of $3.11 billion in 2022 as competition from newer decentralized exchanges intensified.
Despite the scale of the exploit, Balancer’s native BAL token showed only mild volatility, sliding between 5% and 8% on low trading volumes. The token has lost over 99% of its value since launch, leaving it relatively insulated from short-term market shocks.
In an effort to recover stolen assets, Balancer offered the attacker a white hat bounty of up to 20% of the stolen funds if the remainder is returned. The team issued an on-chain message saying, “Our partners have a high degree of confidence you will be identified from access-log metadata collected by our infrastructure.” The note referenced a set of IP addresses and timestamps allegedly linked to the hacker’s transactions.
If the funds are not returned within 48 hours, Balancer said it would cooperate with blockchain forensics specialists and law enforcement agencies to pursue the case. The move mirrors recent strategies used by other DeFi protocols to recover stolen funds by incentivizing cooperation.
This latest exploit follows a string of smaller incidents. Just days earlier, hackers targeted the Garden Finance bridge, stealing $5.5 million. According to data available online, September alone saw 20 DeFi thefts resulting in total losses of $127 million.
Balancer’s track record also includes earlier attacks. In 2020, the protocol lost around $500,000 in a flash loan exploit involving Statera (STA) tokens. Two years later, in 2023, a DNS attack on Balancer’s front-end redirected users to a phishing site, costing victims about $238,000. That same year, Balancer suffered another $1 million exploit related to stablecoin pools, just a week after revealing a “critical vulnerability.”
Industry analysts say the ongoing incident could invite renewed regulatory scrutiny over DeFi security. The Coincu research team noted that “repeated large-scale exploits emphasize the need for stronger technical standards and cross-platform collaboration to prevent systemic vulnerabilities.”
Ethereum’s market performance also reflected the growing uncertainty. As of November 3, 2025, ETH traded at $3,714.47, down 4.63% over 24 hours, with a market capitalization of approximately $448 billion and a dominance rate of 12.46%, according to CoinMarketCap.
The Balancer attack underscores the persistent risks within decentralized finance, where innovation often outpaces security measures. While the full impact of this breach is still unfolding, it highlights an ongoing challenge for DeFi: balancing open access with reliable protection against increasingly sophisticated attacks.