Balancer DeFi Hack Exposes $128M Vulnerability: How This Massive Exploit Shakes Trust in Crypto Ecosystems


This week, the Ethereum-based DeFi protocol Balancer faces a devastating security breach, losing over $128 million in what stands as the largest crypto theft of 2025 so far. Attackers exploit a critical smart contract vulnerability, draining multiple V2 vaults and liquidity pools through sophisticated transactions involving flash loans. Consequently, this incident sparks a widespread trust crisis within the DeFi community, prompting users to question protocol safety.

The Attack Unfolds: A Multi-Chain Drain

On Monday, November 3, chain data reveals that attackers rapidly empty several Balancer V2 vault contracts and liquidity pools. They execute a series of meticulously crafted transactions, transferring stolen tokens to newly created wallet addresses. Soon after, these funds consolidate and likely undergo laundering via mixers or cross-chain bridges.

Initial investigations show that the hackers target an interaction flaw between Balancer V2 vaults and liquidity pools. By deploying malicious contracts, they manipulate the Vault’s call logic during pool initialization. This exposes defects in authorization checks and callback handling, allowing unauthorized asset swaps and balance manipulations to swiftly drain funds.

Experts track the key transaction (hash: 0xd155207261712c35fa3d472ed1e51bfcd816e616dd4f517fa5959836f5b48569) on the Ethereum mainnet. Several on-chain analysis firms, including PeckShield and Nansen, confirm this as a smart contract exploit rather than a private key compromise.

Hours after the breach, blockchain analysts report that the hackers expand their assault to multiple networks compatible with or forked from Balancer. The total losses climb to approximately $128 million, distributed as follows:

Ethereum mainnet: about $99 million
Berachain: about $12.8 million
Arbitrum: about $6.8 million
Base: about $3.9 million
Sonic: about $3.4 million
Optimism: about $1.58 million
Polygon: about $232,000

Some smaller networks suffer disproportionately high losses. For instance, Sonic’s total value locked (TVL) stands at just $150 million, with the stolen amount representing roughly 2%. More alarmingly, signs suggest the attack continues.

As of now, on-chain analyst Ember posts on social platform X that liquid staking project StakeWise successfully recovers 5,041 osETH—worth about $19.3 million—from the hacker via a contract call, reducing overall losses. Nevertheless, over half of the stolen assets convert to Ethereum.

Industry experts note that Balancer’s composable design enhances protocol flexibility but also creates complex interaction points across pools as potential attack vectors. This event mirrors past automated market maker (AMM) exploits, where vulnerabilities often lurk in token callbacks or rebalancing logic.

For those monitoring crypto mining profitability, such DeFi breaches can indirectly impact market sentiment, affecting coin values and mining rig returns.

Official Response Falls Short Amid Rising Community Panic

Following the incident, Balancer’s team issues a brief statement on X: “We have noticed a potential attack on Balancer v2 liquidity pools. Our engineering and security teams investigate with top priority and will share confirmed updates as soon as possible.”

The lack of detailed follow-up erodes community confidence, leading investors and users to withdraw liquidity en masse. Analysts advise halting interactions with Balancer pools until teams patch any remaining vulnerabilities.

Meanwhile, Balancer’s native token BAL plunges over 13% in 24 hours, reflecting shattered market faith.

History Repeats: Balancer's Five-Year Security Struggles

In the decentralized finance space, Balancer ranks as a veteran automated market maker (AMM), yet it endures multiple hacks over the past five years. Here, we outline major public security incidents involving the protocol:

June 28-29, 2020

Attackers exploit a “fee + burn” token pool vulnerability using flash loans and repeated trades, creating inconsistencies between asset balances and actual reductions, stealing about $500,000 (including ETH, WBTC, LINK, SNX).

August 22, 2023

The Balancer team discovers a severe flaw in V2 Boosted Pools and urges users to withdraw funds. Five days later, the attack occurs anyway. The issue stems from rounding errors in V2 Boosted Pools, allowing attackers to skew BPT (Balancer Pool Token) supply calculations and extract assets at unfair rates via multiple flash loans. Security firms estimate losses between $979,000 and $2.1 million.

August 27-September 20, 2023

Shortly after the vulnerability announcement, attackers cause fund losses estimated at $900,000-$1 million. Then, on September 20, a frontend domain/DNS hijack results in about $238,000 lost.
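
The accounting mismatch behind the June 2020 "fee + burn" incident above, as an added illustration that is not Balancer's code: a toy pool in Python that credits deposits of a fee-burning token either by the nominal amount or by the measured balance change, with a reconciliation check for the gap between the two. All class names, the 1% fee and the deposit amounts are constructed assumptions.

```python
from dataclasses import dataclass, field

FEE_BPS = 100  # constructed value: the toy token burns 1% of every transfer

@dataclass
class FeeBurnToken:
    """Toy deflationary token (hypothetical): each transfer burns a fee."""
    balances: dict = field(default_factory=dict)

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        burned = amount * FEE_BPS // 10_000
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount - burned

class Pool:
    """Toy pool (hypothetical) that keeps its own record of tokens held."""
    def __init__(self, token, name, measure_delta):
        self.token, self.name = token, name
        self.measure_delta = measure_delta
        self.recorded = 0

    def deposit(self, sender, amount):
        before = self.token.balance_of(self.name)
        self.token.transfer(sender, self.name, amount)
        received = self.token.balance_of(self.name) - before
        # Naive accounting trusts the nominal amount; hardened accounting
        # credits only what actually arrived in the pool.
        self.recorded += received if self.measure_delta else amount
        return received

    def drift(self):
        """Recorded minus real balance; non-zero means the books are wrong."""
        return self.recorded - self.token.balance_of(self.name)

def run(measure_delta, deposits=(1_000, 2_500, 40_000)):
    """Replay constructed deposits and return the resulting drift."""
    token = FeeBurnToken({"lp": 100_000})
    pool = Pool(token, "pool", measure_delta)
    for amount in deposits:
        pool.deposit("lp", amount)
    return pool.drift()

if __name__ == "__main__":
    print("naive drift:", run(False))
    print("hardened drift:", run(True))
```

A non-zero `drift()` is the signal worth monitoring: it means pricing is being computed from balances the pool does not actually hold.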

Persistent Vulnerabilities Amid Enduring Popularity: DeFi's High-Risk Darling

Balancer’s repeated breaches highlight ongoing smart contract risks in DeFi. From token mechanism flaws and frontend hijacks to core V2 contract logic defects, these incidents reveal blind spots in contract design and security audits. Particularly, issues like rounding errors in V2 Boosted Pools or flash loan exploits demonstrate that even top teams struggle to fully mitigate complexities in financial logic.

Despite these setbacks, Balancer retains a loyal user base and community. This stems partly from DeFi’s high-yield opportunities and decentralized finance ideals, and partly from Balancer’s post-attack compensations or white-hat bounties, which bolster user trust through repair and reimbursement mechanisms. For many investors, the trade-off between high rewards and high risks proves acceptable.

Regarding trust, DeFi still warrants attention

Frequent attacks do not render the sector unusable but serve as reminders for stronger security measures, ongoing audits, and transparent risk disclosures to balance innovation with safety.

OneSource founder and CEO Vladislav Ginzburg states: “Smart contracts and financial engineering form part of DeFi investment risks. Therefore, smart contract audits matter crucially. I view the Balancer vulnerability as no new paradigm, so it should not alter trust or risk factors. The status quo rem
