Balancer hacked for over $120 million: what should you do?
Chainfeeds Guide:
Currently, the total amount stolen stands at $128.64 million, and the attack is ongoing.
Source:
Foresight News
Opinion:
Foresight News: On the afternoon of November 3, the veteran DeFi protocol Balancer suffered a major security breach. Attackers manipulated the protocol’s core smart contracts and, within just a few hours, transferred over $110 million worth of crypto assets from multiple liquidity pools, moving funds directly from Balancer’s vault to wallets they controlled. According to DeBank data, the amount stolen in the Ethereum ecosystem reached as high as $99.85 million, with Arbitrum losing $7.95 million, Base losing $3.94 million, Sonic about $3.4 million, and Optimism $1.56 million. SlowMist’s tracking results show the total stolen amount further rising to $128.64 million, including an additional $12.86 million from the Berachain ecosystem. As a result, the price of BAL dropped to around $0.9, with a 24-hour decline of over 8%.
After the incident, Berachain officially suspended HONEY minting and the BEX pool and vault functions, and coordinated with validators to halt network operations, allowing the core team to execute an emergency hard fork to fix vulnerabilities related to Balancer V2. As soon as the news broke, a whale address 0x0090, dormant for three years, immediately withdrew funds from Balancer, indicating that panic spread rapidly. This incident not only revealed fundamental flaws in Balancer V2’s access control but also showed that its cross-chain deployment architecture amplified the risk, involving multiple networks such as Ethereum, Base, Polygon, and Sonic. At the time of writing, the attack is still ongoing, and security teams are attempting to freeze related addresses.
Balancer was established in 2020 by Balancer Labs and is one of the core AMM (Automated Market Maker) protocols in the early DeFi ecosystem, featuring customizable multi-asset liquidity pool designs. Unlike single-asset comparison mechanisms like Uniswap, Balancer allows users to set various asset weight combinations to improve capital efficiency.
Its V2 version, launched in 2021, introduced Boosted Pools and a Vault system, aiming to channel idle funds in pools towards yield opportunities, reduce slippage, and enhance efficiency. However, this complex architecture also increased risks related to access control and external dependencies.
Analysis indicates that the root cause of this attack was the failure of access control in the vault contract. The attacker used a flash loan mechanism to forge permissions and extract assets from Boosted Pools, bypassing authorization checks and transferring funds directly to the external address 0xAa760D53541d8390074c61DEFeaba314675b8e3f. On-chain data (transaction hash 0xd155207261712c35fa3d472ed1e51bfcd816e616dd4f517fa5959836f5b48569) shows that multiple transfers were completed within minutes, involving major ETH derivatives such as WETH, osETH, wstETH, frxETH, rsETH, and rETH. This exploitation method is similar to the 2022 Nomad Bridge incident, both resulting from bypassed access control logic. Balancer’s cross-chain architecture broadened the impact and amplified the scale of losses.
This incident is not isolated but rather a concentrated outbreak of Balancer’s long-standing security risks. Since the launch of V2 in 2021, the protocol has undergone multiple rounds of audits, fuzz testing, and formal verification, yet vulnerabilities have continued to surface. In June 2021, a smart contract issue led to a $500,000 loss; in August 2023, a DNS hijacking resulted in a $270,000 loss; and in October 2025, there was another small-scale incident related to “rate provider” manipulation. These repeated incidents highlight Balancer’s structural weaknesses in access control and external dependencies. This attack prompts a renewed examination of the aging risks of DeFi protocols: codebases that have run for years and are frequently forked become prime targets for hackers in complex multi-chain environments.
Hasu, Strategy Director at Flashbots and advisor to Lido, stated, “Since its launch in 2021, Balancer V2 has been one of the most frequently forked smart contracts. Every time such a core protocol is breached, it sets the entire DeFi industry’s adoption process back by 6 to 12 months.” Currently, the Balancer team has confirmed the existence of vulnerabilities in V2 pools and is working with security firms to investigate the incident.