- Balancer suffered a smart contract exploit affecting its v2 liquidity pools across multiple blockchains.
- The ongoing hack has resulted in losses totaling approximately $129 million.
- The vulnerability impacted projects that had forked Balancer’s code, spreading the effect beyond the original protocol.
- Security auditors identified a faulty access control in the “manageUserBalance” function and manipulation of internal balances as key exploit vectors.
- A whitehat bot recovered around $600,000, and emergency responses included network halts and freezing the hacker’s account on the Sonic blockchain.
Balancer, a long-standing decentralized finance (DeFi) exchange, experienced a major smart contract exploit starting November 3, 2025. The attack targeted Balancer’s version 2 liquidity pools on several blockchains, leading to total losses of about $129 million so far. Projects that had created forks of Balancer’s code also reported being compromised.
Within two hours of the exploit’s detection, Balancer confirmed the vulnerability, acknowledging it affected their v2 pools. The breach spread to blockchains including Ethereum, Berachain, Arbitrum, Base, Sonic, Optimism, and Polygon. The response on Berachain involved halting the network to conduct an emergency hard fork.
A preliminary investigation by the security firm Decurity found that the contract’s “manageUserBalance” function lacked proper access restrictions, allowing unauthorized withdrawals. Further, internal accounting variables like the vault’s balance were manipulated before funds were withdrawn. 1inch’s Anton Bukov suggested the exploit might have relied on a rounding error. According to blockchain auditor BlockSec, the root cause was an “invariant manipulation” that distorted the Balancer Pool Token price, contributing to the attack.
Earlier in 2025, Balancer experienced other security incidents, including a $2 million hack in August related to boosted pool vulnerabilities and an $11 million loss through a hack affecting a connected lending protocol. Other major DeFi projects, such as Aave and Lido, confirmed that their pools were not impacted by this incident.
Response measures after the attack included a whitehat bot operated by BitFinding, which recovered about $600,000. On Sonic, the hacker’s account was frozen via a newly introduced security function. Coinbase’s Conor Grogan noted the attacker demonstrated sophisticated operational security, citing unusual transaction patterns used to prepare the attack.
DeFi analytics platform DeFiLlama shows 27 projects forked from Balancer’s v2 code, collectively holding about $78 million in value locked, indicating potential wider impact. One such fork, Beets on Sonic, reportedly suffered a $3.4 million theft.
As the situation develops, affected blockchain communities and security experts continue to analyze the breach and implement emergency responses to limit further losses. The incident highlights ongoing vulnerabilities even in extensively audited DeFi protocols.
