Balancer Protocol hack: what happened?

Balancer, one of Ethereum’s most established automated market makers, has suffered what appears to be its largest-ever exploit.

More than $100 million in digital assets were drained from its vaults in a sophisticated attack that has sent shockwaves through the crypto ecosystem.

Millions drained from Balancer vaults

On November 3, 2025, blockchain security firms began sounding the alarm after on-chain data showed massive outflows from Balancer’s main vault contract.

According to PeckShield, over $128 million worth of assets — including osETH, WETH, and wstETH — were withdrawn from Balancer’s “0xBA1…BF2C8” address.

PeckShieldAlert

@PeckShieldAlert

Update: @Balancer and its forks are under attack, with total losses across multiple chains reaching ~$128.64M so far.

3:11 pm · 3 Nov 2025


The stolen assets were quickly moved to external wallets, with one main wallet consolidating tens of millions of dollars across multiple chains.

Balancer soon confirmed awareness of a “potential exploit impacting Balancer V2 pools,” stating that its engineering and security teams were investigating with urgency.

Balancer

@Balancer

We’re aware of a potential exploit impacting Balancer v2 pools.

Our engineering and security teams are investigating with high priority.

We’ll share verified updates and next steps as soon as we have more information.

3:20 pm · 3 Nov 2025


The exploit affected Balancer’s version 2 vaults, which hold all tokens from every Balancer pool in a central contract rather than in separate pool contracts.

This design, introduced to simplify pool creation and management, now appears to have created a single point of failure that attackers exploited.

How the exploit worked

Early analysis by security firms Decurity and PeckShield points to a faulty access control in Balancer’s manageUserBalance function.

The bug originated from the validateUserBalanceOp check, which incorrectly compared msg.sender with a user-supplied op.sender.

This logical flaw allowed attackers to trigger unauthorised internal withdrawals using the UserBalanceOpKind.WITHDRAW_INTERNAL operation — effectively enabling them to drain funds from Balancer’s core vault without permission.

BlockSec Phalcon later provided a deeper look at the mechanics behind the exploit.

The firm described it as a highly sophisticated attack that manipulated the invariant used to calculate Balancer Pool Token (BPT) prices.

On Arbitrum, for instance, the attacker executed a series of swaps that distorted the pool’s price calculation by exploiting rounding errors.

By deflating the BPT price, the attacker was able to profit from a batch swap and then restore balance, pocketing millions in the process.

Impact of the hack spreads across chains and forks

The Balancer attack wasn’t limited to Ethereum.

Analysts observed coordinated outflows across several chains, including Sonic, Polygon, and Base.

Forked projects that rely on Balancer’s infrastructure were also hit. Beets Finance, one such fork, confirmed losses of around $3 million.

Cyvers Alerts reported that one of the attacker’s wallets had been funded through Tornado Cash before the exploit began.

The address subsequently received more than $84 million across multiple chains, raising serious concerns about potential laundering through decentralised mixers and cross-chain bridges.

🚨 Cyvers Alerts 🚨

@CyversAlerts

🚨ALERTS🚨 Our system has detected multiple suspicious transactions involving @Balancer! (still ongoing)

It seems that an address funded by @TornadoCash has executed a malicious transaction and received more than 84M across multiple chains!

Further details will follow!

2:27 pm · 3 Nov 2025


In the midst of the chaos, a whale wallet that had been inactive for over three years withdrew $6.5 million from Balancer, seemingly out of fear that the situation could worsen.

The third major hack for Balancer

This latest exploit marks Balancer’s third major breach since 2020.

The first involved deflationary tokens and cost about $500,000, while the second in 2023 targeted its “boosted pools,” resulting in nearly $900,000 in losses.

This time, the scale is vastly larger — making it one of the most damaging DeFi attacks of 2025.

Balancer’s native BAL token reacted sharply to the news, dropping more than 10% intraday and over 15% from its weekly high.

Balancer (BAL) token price chart | Source: Coingecko

With more than $750 million in total value locked before the attack, the incident raises renewed concerns about the risks of complex smart contract systems and the fragility of interconnected DeFi infrastructure.

Investigation ongoing

As of now, Balancer’s team has not released a detailed postmortem, though investigations are ongoing across multiple security firms.

The attacker’s wallet remains active, and none of the stolen funds have been recovered.

Analysts warn that if similar vulnerabilities exist in Balancer forks or integrated protocols, more losses could follow.

The post Balancer Protocol hack: what happened? appeared first on Invezz