Balancer DeFi Hack: $128M Exploit Extends Across Chains

Takeaways
  • Over $128.6 million in assets, including WETH, osETH, and wstETH, were drained from Balancer V2 pools across Ethereum, Polygon, and Arbitrum on November 3, 2025
  • The exploit leveraged a state-write reentrancy vulnerability in the V2 Vault-to-Pool system, allowing attackers to corrupt internal balances and perform unauthorized withdrawals
  • Integrated protocols such as Berachain responded with emergency hard forks to contain the exploit’s spread across Balancer forks

The decentralized finance (DeFi) protocol Balancer is investigating a multi-chain security exploit that drained over $128.6 million from its V2 liquidity pools on Monday. The breach exploited a flaw in the Vault-to-Pool callback mechanism, allowing attackers to manipulate internal balances and withdraw assets across Ethereum, Polygon, and Arbitrum.

Prior to the incident, Balancer, an automated market maker (AMM) known for its customizable liquidity pools, held more than $750 million in total value locked (TVL). This event, now dubbed the Balancer DeFi Hack, marks one of the largest on-chain security breaches of 2025.

Vulnerability in Balancer’s V2 Architecture

The attack targeted a state-write reentrancy vulnerability in Balancer’s V2 architecture, particularly within its singleton Vault design. According to blockchain security firm Zealynx, the issue stemmed from a “cross-contract trust boundary” that made the exploit “architecturally inevitable” under extreme liquidity conditions.

The attackers executed a complex batchSwap operation to exploit incorrect invariant calculations in the _calcInGivenOut function, a flaw affecting stable pools that rely on precision-based token scaling. The manipulation led to deflated Balancer Pool Token (BPT) prices and allowed systematic withdrawal of high-value assets, including 6,587 WETH, 6,851 osETH, and 36,850 wstETH, across multiple EVM-compatible networks.
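The paragraph above attributes the loss to incorrect invariant maths in an in-given-out calculation on pools that scale token amounts to a fixed precision. The following is an added illustration, not code from the page or from Balancer, of the general failure class it describes: when the amount a trader owes is rounded in the trader's favour, either in the swap formula or when the 18-decimal internal figure is scaled back to native units, a sequence of tiny trades extracts tokens for nothing and the pool invariant falls. It uses a toy constant-product pool rather than Balancer's stable-swap invariant, and every balance and decimal count in it is constructed; it demonstrates the class of bug, not the specific defect in `_calcInGivenOut`.

```python
"""Constructed illustration: rounding direction in an in-given-out
calculation plus decimal scaling. Toy constant-product pool, NOT
Balancer's stable-pool math or its _calcInGivenOut; all figures are made up."""

WAD = 10 ** 18  # 18-decimal fixed-point unit used for internal math


def mul_div_down(a: int, b: int, c: int) -> int:
    """floor(a * b / c): rounds in favour of whoever receives the result."""
    return (a * b) // c


def mul_div_up(a: int, b: int, c: int) -> int:
    """ceil(a * b / c): rounds in favour of the pool when the result is an amount owed."""
    return -((-(a * b)) // c)


def upscale(amount: int, decimals: int) -> int:
    """Bring a native token amount to 18-decimal fixed point (exact, no loss)."""
    return amount * 10 ** (18 - decimals)


def downscale(amount_wad: int, decimals: int, round_up: bool) -> int:
    """Convert an 18-decimal figure back to native units. This step loses
    precision, so the rounding direction must be chosen deliberately."""
    factor = 10 ** (18 - decimals)
    return mul_div_up(amount_wad, 1, factor) if round_up else mul_div_down(amount_wad, 1, factor)


def calc_in_given_out(bal_in: int, bal_out: int, amount_out: int, round_up: bool) -> int:
    """Constant-product x*y=k: amountIn = balIn * amountOut / (balOut - amountOut).
    The amount the trader owes must round UP; rounded down, tiny trades cost zero."""
    if amount_out >= bal_out:
        raise ValueError("cannot drain the whole out-side balance")
    denom = bal_out - amount_out
    return mul_div_up(bal_in, amount_out, denom) if round_up else mul_div_down(bal_in, amount_out, denom)


def simulate(rounds: int, bal_in: int, bal_out: int, amount_out: int,
             dec_in: int, dec_out: int, round_up: bool):
    """Repeat a tiny trade `rounds` times against a pool holding `bal_in` native
    units of a `dec_in`-decimal token and `bal_out` native units of a
    `dec_out`-decimal token. Returns (total_paid, total_received, k_before, k_after)
    with k measured in 18-decimal fixed point."""
    k_before = upscale(bal_in, dec_in) * upscale(bal_out, dec_out)
    paid = received = 0
    for _ in range(rounds):
        amt_in_wad = calc_in_given_out(upscale(bal_in, dec_in), upscale(bal_out, dec_out),
                                       upscale(amount_out, dec_out), round_up)
        amt_in = downscale(amt_in_wad, dec_in, round_up)  # what the trader actually pays
        bal_in += amt_in
        bal_out -= amount_out
        paid += amt_in
        received += amount_out
    k_after = upscale(bal_in, dec_in) * upscale(bal_out, dec_out)
    return paid, received, k_before, k_after


if __name__ == "__main__":
    # Constructed extreme state: 100 base units of a 6-decimal token against
    # one whole 18-decimal token; the trader asks for 1 wei of the latter, 1000 times.
    for round_up in (False, True):
        paid, received, kb, ka = simulate(1000, 100, 10 ** 18, 1, 6, 18, round_up)
        print(f"round_up={round_up}: paid={paid} received={received} "
              f"k_before={kb} k_after={ka} invariant_held={ka >= kb}")
```

With rounding down, every trade costs zero and `k_after < k_before`; with rounding up, each trade costs at least one native unit of the input token and the invariant never decreases. Two places need the correct direction: the swap formula itself and the downscale from internal precision back to the token's decimals, since a correctly rounded internal figure can still floor to zero on the way out.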

Industry and Protocol Response

Balancer’s official X account confirmed the exploit Monday, stating that its “engineering and security teams are investigating potential V2 pool vulnerabilities.” The project urged users to revoke approvals and withdraw liquidity from affected pools while blocking phishing attempts circulating through community channels.
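Revoking approvals, as Balancer advised, means sending each token contract an `approve(spender, 0)` call for every spender that still holds an allowance. The following is an added example, not from the page or from Balancer, that builds the raw ERC-20 calldata to read an allowance and to zero it, and turns a set of known allowances into a list of revocation transactions. The selectors are the standard ERC-20 ones; the token, owner and spender addresses are constructed placeholders, and the `rpc_call` / `send_transaction` names in the comments stand for whatever JSON-RPC client the reader uses.

```python
"""Constructed example: building ERC-20 allowance-check and revocation calldata.
Not Balancer's code. Addresses below are made-up placeholders."""

# Standard ERC-20 selectors: first 4 bytes of keccak256 of the function signature.
SEL_ALLOWANCE = bytes.fromhex("dd62ed3e")   # allowance(address,address)
SEL_APPROVE = bytes.fromhex("095ea7b3")     # approve(address,uint256)
UNLIMITED = 2 ** 256 - 1                    # the "infinite approval" value many dapps request


def _addr(hex_addr: str) -> bytes:
    """ABI-encode an address: 20 bytes left-padded to a 32-byte word."""
    raw = bytes.fromhex(hex_addr.removeprefix("0x"))
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(32, b"\x00")


def _uint256(n: int) -> bytes:
    if not 0 <= n < 2 ** 256:
        raise ValueError("value out of uint256 range")
    return n.to_bytes(32, "big")


def allowance_calldata(owner: str, spender: str) -> str:
    """Calldata for eth_call to the token: allowance(owner, spender)."""
    return "0x" + (SEL_ALLOWANCE + _addr(owner) + _addr(spender)).hex()


def decode_uint256(return_data: str) -> int:
    """Decode the single uint256 word an allowance() call returns."""
    raw = bytes.fromhex(return_data.removeprefix("0x"))
    if len(raw) != 32:
        raise ValueError("expected exactly one 32-byte word")
    return int.from_bytes(raw, "big")


def revoke_calldata(spender: str) -> str:
    """Calldata for a transaction to the token: approve(spender, 0)."""
    return "0x" + (SEL_APPROVE + _addr(spender) + _uint256(0)).hex()


def revocation_plan(allowances: dict) -> list:
    """Map {(token, spender): current_allowance} to the transactions needed.
    Only nonzero allowances need a transaction; unlimited ones are flagged."""
    plan = []
    for (token, spender), amount in allowances.items():
        if amount == 0:
            continue
        plan.append({
            "to": token,
            "data": revoke_calldata(spender),
            "unlimited": amount == UNLIMITED,
        })
    return plan


if __name__ == "__main__":
    # Constructed placeholders, not real contracts.
    token = "0x" + "11" * 20
    owner = "0x" + "33" * 20
    vault = "0x" + "22" * 20
    print("eth_call data:", allowance_calldata(owner, vault))
    # After rpc_call("eth_call", {"to": token, "data": ...}) returns 32 bytes:
    current = decode_uint256("0x" + "ff" * 32)
    for tx in revocation_plan({(token, vault): current}):
        print("send_transaction", tx)  # sign and submit with your own wallet client
```

The plan is only as good as the allowance inventory fed into it, so read each allowance on-chain first rather than trusting a dapp's own display; a spender with a nonzero allowance can still pull tokens even after the user has withdrawn liquidity from a pool.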

The Berachain network, which operates Balancer-based forks such as BEX, initiated an emergency hard fork to isolate the vulnerability and prevent contagion. Yield aggregator YO confirmed its funds were safe and that exposure through its autoETH vault had been fully exited.

Analyst Francesco Andreoli urged users to “Withdraw immediately and revoke token approvals” as a precautionary measure. Suhail Kakar, a DeFi researcher, noted that despite the protocol’s extensive security history, including “10+ independent audits,” the incident reveals the persistent risk of composability in DeFi systems.

Chain Street’s Take

If DeFi protocols continue to evolve through stacked integrations and recursive logic, how can smart contracts ever be considered “secure”? Are audit certifications losing credibility as exploit complexity outpaces testing standards? And as Balancer prepares a post-mortem, will this breach prompt the industry to rethink the architecture of shared Vault systems entirely?

Frequently Asked Questions

What was the Balancer DeFi hack and how much was stolen?

The Balancer DeFi hack was a major security breach that occurred on November 3, 2025. Attackers exploited a vulnerability in the protocol's V2 liquidity pools, draining over $128.6 million in assets, including WETH, osETH, and wstETH.

How did the attackers exploit the Balancer protocol?

The attackers leveraged a sophisticated "state-write reentrancy" vulnerability. This flaw was located in the V2 Vault-to-Pool system, which allowed them to manipulate internal balance calculations during a complex swap operation and perform unauthorized withdrawals.

Was the hack limited to just one blockchain?

No. The exploit was a multi-chain event that extended across several networks where Balancer's V2 pools were deployed; assets were stolen from pools on Ethereum, Polygon, and Arbitrum.

What was the immediate response and what were users advised to do?

The Balancer team confirmed the exploit and immediately began an investigation. They urged users to withdraw their liquidity from any affected pools and revoke token approvals for the protocol as a critical security precaution to prevent further losses.

How did other DeFi protocols and the wider community react?

The hack had a ripple effect. Integrated protocols that use Balancer's architecture, such as Berachain, initiated emergency hard forks to isolate the vulnerability and protect their own systems. The incident also sparked a broader discussion among security researchers about the persistent risks of complex DeFi systems, even those that have undergone multiple security audits.

The author, a seasoned journalist with no cryptocurrency holdings, presents this article for informational purposes only. It does not constitute investment advice or an endorsement of any cryptocurrency, security, or other financial instrument. Readers should conduct their own research and, if needed, consult a licensed financial professional before making any financial decisions.