Ethereum DeFi Protocol Balancer Loses Over $117M in Largest-Ever Breach, Hack Still Ongoing

DeFi protocol Balancer hacked. | Credit: CCN.

Key Takeaways

  • The Ethereum-based DeFi protocol Balancer was exploited on November 3, resulting in losses exceeding $70 million.

  • Attackers drained multiple liquidity pools and moved funds into a single new wallet within minutes.

  • This marks Balancer’s third major breach since 2020, raising renewed questions about DeFi security.

The decentralized finance (DeFi) protocol Balancer, one of Ethereum’s most established automated market makers (AMMs), suffered a major exploit on November 3, resulting in losses of nearly $116.9 million.

On-chain data shows that multiple Balancer V2 liquidity pools were drained in rapid succession, with the stolen tokens quickly transferred to a newly created wallet controlled by the attacker.

The root cause was a faulty access control check in Balancer V2’s manageUserBalance function, specifically in _validateUserBalanceOp.

This allowed the attacker to:

  • Supply a malicious op.sender parameter, bypassing permission checks.

  • Trigger internal balance withdrawals from vaults without proper authorization.

  • Exploit boosted pools holding staked Ether derivatives.

The vulnerability affected older V2 forks, potentially exposing more than $60 million in downstream protocols.
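
The class of flaw described above, as a simplified Python model added here for illustration (it is not Balancer's Solidity code and not part of the original article): a batch handler that debits whichever account the op names, next to a check that binds op.sender to the actual caller or an approved relayer. ToyVault, UserBalanceOp, the relayer mapping and the account names are assumptions constructed for the example.

```python
from dataclasses import dataclass

class Unauthorized(Exception):
    pass

@dataclass(frozen=True)
class UserBalanceOp:      # hypothetical stand-in for the op described above
    sender: str           # account to debit; supplied by the caller, so untrusted
    recipient: str
    amount: int

class ToyVault:           # constructed model, not Balancer's contract
    def __init__(self, balances, relayers=None):
        self.balances = dict(balances)
        self.relayers = relayers or {}   # user -> addresses approved to act for them

    def _validate_flawed(self, caller, op):
        # Flaw: confirms the account exists but never ties op.sender to the caller.
        if op.sender not in self.balances:
            raise Unauthorized("unknown sender")

    def _validate_hardened(self, caller, op):
        # op.sender must be the caller, or the caller an approved relayer for it.
        if op.sender != caller and caller not in self.relayers.get(op.sender, set()):
            raise Unauthorized(f"{caller} may not act for {op.sender}")

    def manage_user_balance(self, caller, ops, hardened=True):
        validate = self._validate_hardened if hardened else self._validate_flawed
        staged = dict(self.balances)     # commit only if the whole batch succeeds
        for op in ops:
            validate(caller, op)
            if not 0 < op.amount <= staged.get(op.sender, 0):
                raise ValueError("insufficient internal balance")
            staged[op.sender] -= op.amount
            staged[op.recipient] = staged.get(op.recipient, 0) + op.amount
        self.balances = staged

def demo():
    """Same request (mallory names alice as op.sender) against both checks."""
    outcome = {}
    for hardened in (False, True):
        vault = ToyVault({"alice": 100, "mallory": 0}, {"alice": {"relayer"}})
        op = UserBalanceOp(sender="alice", recipient="mallory", amount=100)
        try:
            vault.manage_user_balance("mallory", [op], hardened=hardened)
            outcome[hardened] = ("executed", vault.balances["alice"])
        except Unauthorized:
            outcome[hardened] = ("rejected", vault.balances["alice"])
    return outcome

if __name__ == "__main__":
    print(demo())
```

The point for reviewers and auditors is the hardened check: any account identifier arriving inside a request is attacker-controlled until it has been compared against the authenticated caller or an explicit delegation.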

The attack likely involved flash loans or scripted transactions to amplify drains across chains. Balancer’s team confirmed the issue impacts V2 pools and is investigating, urging users to revoke approvals and avoid interactions.

According to blockchain trackers, the drained assets had reached $116.9 million by the time of writing.

Balancer hack stolen assets. Source: Lookonchain

The swift execution of the transfers suggests the attacker had a deep understanding of Balancer’s smart contracts, potentially exploiting a flaw in how the platform handles swaps or manages pool balances.

Balancer did not immediately respond to a request for comment.

Hours after the hack, Balancer’s team acknowledged the exploit and said they are actively monitoring the issue. They also assured the community that they would provide timely updates.

Blockchain analysts have advised users to refrain from interacting with Balancer pools until more information is released, warning that additional vulnerabilities may still be present.

Meanwhile, Balancer’s native token (BAL) dropped over 8% intraday, mirroring investor unease and highlighting how quickly sentiment can shift when transparency is absent in the wake of a major hack.

This is not Balancer’s first encounter with hackers. In fact, the platform has now suffered three major security incidents in five years — an unsettling record for one of DeFi’s longest-running protocols.

  • In 2020, attackers exploited Balancer’s handling of deflationary tokens, draining roughly $500,000.

  • In 2023, another vulnerability in its “boosted pools” led to $900,000 in losses despite prior security warnings.

The latest $117 million attack dwarfs those previous incidents, making it Balancer’s most severe exploit to date and one of the largest DeFi hacks of 2025.

Security researchers and DeFi auditors are still analyzing the exploit’s technical vector.

Early evidence indicates a smart contract vulnerability that enabled the attacker to manipulate swaps or imbalances across multiple pools — a recurring weakness in complex AMM protocols.

At the time of writing, no funds had been recovered, and the attacker’s wallet remains active on Ethereum.

The post Ethereum DeFi Protocol Balancer Loses Over $117M in Largest-Ever Breach, Hack Still Ongoing appeared first on ccn.com.