Balancer Hack: $116M Exploit & DeFi Security – What Happened?

By: WEEX|2025/10/27 16:00:00

Key Takeaways

  • The Balancer hack on November 3, 2025, led to losses of over $116 million, making it one of the largest DeFi exploits of the year.

  • The incident exclusively affected Balancer V2 pools across seven different blockchains (Ethereum, Arbitrum, Base, Sonic, Polygon, Optimism, and Berachain).

  • Attackers exploited an access control vulnerability in the "manageUserBalance" function to extract funds from the vaults without authorization.

  • V3 pools remain secure – the team confirmed that only the older version was affected.

  • DeFi platforms remain vulnerable to smart contract bugs and technical exploits despite extensive audits.

Introduction

The Balancer hack on November 3, 2025, is one of the largest DeFi exploits of the year – and it highlights a fundamental problem within the crypto ecosystem.

With over $116 million in assets stolen, a security vulnerability in Balancer V2 pools was exposed, affecting users on seven different blockchains.

But here is the central question: If even a protocol audited by OpenZeppelin and Trail of Bits can be hacked, how safe is your money really on decentralized exchanges?

In this article, you will learn exactly what happened, how the hacker proceeded, and what practical steps you should take now.

Register now at WEEX – your secure crypto exchange! With state-of-the-art security measures, professional audits, and 24/7 monitoring, your assets are well protected with us. Register for free now!

What Happened? The Balancer Hack at a Glance

On November 3, 2025, around 9:18 UTC, the DeFi protocol Balancer fell victim to a massive exploit.


Blockchain security firm PeckShield was the first to identify suspicious transactions in which large amounts of staked ETH tokens were drained from Balancer vaults.

The stolen assets primarily included 6,587 WETH (Wrapped Ether), 6,851 osETH (StakeWise Staked ETH), and 4,260 wstETH (Lido Wrapped Staked ETH) – totaling over $116 million in value.

The attack was not limited to a single blockchain but spanned multiple networks:

Ethereum (approx. $100 million in damages), Arbitrum, Base, Sonic, Polygon, Optimism, and Berachain were affected.

Most alarmingly: The attacks continued for several hours while security firms tracked the transactions in real time.

Technical Deep Dive: How Did the Exploit Work?

Technical analysis by BlockSec and other blockchain security experts shows that the attacker exploited a critical vulnerability in Balancer's "manageUserBalance" function.

The Security Vulnerability Explained

The problem was an access control flaw in the validation function.

Normally, the system should strictly verify whether the message sender matches the operation sender.

However, the vulnerability allowed unauthorized parties to execute internal balance withdrawals via the "UserBalanceOpKind.WITHDRAW_INTERNAL" operation – completely without the required authorization.
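To make the missing check concrete, here is a simplified internal-balance vault written for this article. It is not Balancer's code and does not reproduce the real V2 implementation: only the names manageUserBalance and UserBalanceOpKind.WITHDRAW_INTERNAL follow the text; MiniVault, _authenticateFor, the relayer approval mapping and the trimmed IERC20 interface are assumptions made for the illustration. The comment inside manageUserBalance marks the line whose absence produces exactly the failure the text describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by the example (assumed interface, not the full standard).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault that keeps "internal balances" for many users in one contract.
// It is NOT Balancer's code; it only shows where the sender check the article
// describes has to sit, and what goes wrong when it is missing.
contract MiniVault {
    enum UserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL }

    struct UserBalanceOp {
        UserBalanceOpKind kind;
        address asset;
        uint256 amount;
        address sender;    // account whose internal balance is credited or debited
        address recipient; // where withdrawn tokens are sent
    }

    // account => token => internal balance held by the vault on that account's behalf
    mapping(address => mapping(address => uint256)) private _internalBalance;
    // account => relayer => whether the relayer may act for the account
    mapping(address => mapping(address => bool)) private _relayerApproved;

    event InternalBalanceChanged(address indexed account, address indexed token, uint256 amount, bool isWithdrawal);
    error SenderNotAllowed(address caller, address sender);

    // Delegation is opt-in: an account must approve a relayer itself.
    function setRelayerApproval(address relayer, bool approved) external {
        _relayerApproved[msg.sender][relayer] = approved;
    }

    // The validation the article refers to: the message sender must be the
    // operation's sender, or a relayer that sender has approved. Anything else reverts.
    function _authenticateFor(address sender) internal view {
        if (msg.sender != sender && !_relayerApproved[sender][msg.sender]) {
            revert SenderNotAllowed(msg.sender, sender);
        }
    }

    function manageUserBalance(UserBalanceOp[] calldata ops) external {
        for (uint256 i = 0; i < ops.length; i++) {
            UserBalanceOp calldata op = ops[i];

            // The check that must not be skipped. If a WITHDRAW_INTERNAL op reached the
            // code below without it, any caller could name a victim as op.sender and
            // itself as op.recipient, and the vault would pay out the victim's balance.
            _authenticateFor(op.sender);

            if (op.kind == UserBalanceOpKind.DEPOSIT_INTERNAL) {
                // Pull tokens from op.sender (who has approved this vault) into the vault.
                require(IERC20(op.asset).transferFrom(op.sender, address(this), op.amount), "transferFrom failed");
                _internalBalance[op.sender][op.asset] += op.amount;
                emit InternalBalanceChanged(op.sender, op.asset, op.amount, false);
            } else {
                // Checks-effects-interactions: update the balance before the external transfer.
                uint256 bal = _internalBalance[op.sender][op.asset];
                require(bal >= op.amount, "insufficient internal balance");
                _internalBalance[op.sender][op.asset] = bal - op.amount;
                require(IERC20(op.asset).transfer(op.recipient, op.amount), "transfer failed");
                emit InternalBalanceChanged(op.sender, op.asset, op.amount, true);
            }
        }
    }

    function getInternalBalance(address account, address token) external view returns (uint256) {
        return _internalBalance[account][token];
    }
}
```

The state-changing code is reachable only after `_authenticateFor`, so an operation whose `sender` field names somebody other than the caller (or the caller's approver) reverts instead of moving funds. The `InternalBalanceChanged` event gives off-chain monitoring a per-account record of withdrawals, which is the kind of signal security firms watch for when large outflows from a vault start within a short window.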

Balancer's Vault Architecture as an Attack Target

Balancer V2 uses a unique vault architecture where all tokens from every pool are held in a single smart contract – the vault.

This innovative approach separates token accounting from pool logic and makes pools more efficient.

However, this exact centralization also creates an attractive high-value target: A successful attack on the vault can affect multiple pools simultaneously.

Affected Assets and Protocols

Portfolio of the Balancer hacker with $116.6 million, 85% of which is on Ethereum, the rest on Arbitrum, Base, Sonic, OP, Polygon.

The losses were concentrated on staked ETH variants, which are particularly popular in DeFi protocols due to their liquidity.

Overview of stolen assets:

  • 6,587 WETH (Wrapped Ether)

  • 6,851 osETH (StakeWise Staked ETH)

  • 4,260 wstETH (Lido Wrapped Staked ETH)

Important for users: Only Balancer V2 pools were affected.

The team explicitly confirmed that Balancer V3 pools are secure and were not compromised.

However, Balancer forks on other chains were also attacked, including Beets Finance on the Sonic chain and Beethoven on Optimism.

The Berachain Foundation even had to pause the entire network and perform an emergency hard fork to isolate the compromised contracts.

General Hacker Risks in DeFi Platforms

The Balancer hack is not an isolated case – it joins a long list of DeFi exploits that have already caused over $2 billion in losses in 2025.

Why are DeFi platforms so vulnerable?

  • Smart Contract Vulnerabilities: Smart contracts are the backbone of DeFi, but their immutable nature makes them vulnerable. Once deployed, bugs cannot simply be patched. Common vulnerabilities include reentrancy attacks, integer overflows, and access control errors.

  • Flash Loan Attacks: Flash loans allow users to borrow large amounts of cryptocurrency without collateral – as long as they are repaid within the same transaction. Attackers use this mechanism to manipulate prices or exploit protocol weaknesses. In 2023, flash loan-based attacks already accounted for 62.5% of all DeFi exploits.

  • Oracle Manipulation: DeFi protocols rely on external data sources (oracles) for price data. If these are manipulated, attackers can trade assets at incorrect prices and drain liquidity.

  • The Transparency Trap: DeFi's open-source nature is a double-edged sword: While it enables community reviews, it also gives attackers full insight into potential weaknesses. Hackers can study contract logic, simulate attacks, and identify vulnerabilities before striking.

Audit Failure Despite Professional Reviews

Particularly concerning: Balancer was audited by leading security firms such as OpenZeppelin, Trail of Bits, and Certora.

Nevertheless, the critical vulnerability was overlooked.

This shows that even extensive audits cannot guarantee 100% security – especially for complex DeFi protocols with multi-chain deployments.

What should users do now?

If you have used Balancer V2 pools, immediate action is required:

  • Check your positions: Verify whether you have assets in affected V2 pools. V3 pools are secure and require no action.

  • Revoke permissions: Use tools like revoke.cash to revoke token approvals for Balancer contracts. This prevents potential future exploits from accessing your wallet.

  • Withdraw funds: If possible, withdraw remaining assets from affected pools.

  • Monitoring & Updates: Follow official Balancer channels for updates on the investigation and potential compensation. The team is working with security firms to mitigate the damage.

Past Balancer Hacks

This is not Balancer's first security incident:

2020: Loss of $500,000 due to a flash loan attack where an attacker exploited deflationary token mechanisms.

2023 (August): An exploit in V2 Boosted Pools led to $1-2 million in losses due to rounding errors in Linear Pool contracts.

2023 (September): A DNS social engineering attack via the domain registrar EuroDNS redirected users to a phishing website, resulting in $238,000 in losses.

2025 (November): The current exploit involving $116 million is the largest hack in Balancer's history to date.

This trajectory shows a worrying pattern of escalating security incidents – despite continuous security improvements.

Conclusion: DeFi Security Remains the Top Priority

The Balancer hack underscores the ongoing security challenges in DeFi.

Even with multiple professional audits, critical vulnerabilities can be overlooked – especially in complex smart contract systems with multi-chain deployments.

For investors, this means: Due diligence is indispensable.

Check audit reports, favor established protocols with a proven track record, diversify across multiple platforms, and use hardware wallets for large holdings.

The DeFi industry is making progress: Lending protocols have improved their security by 98.4% since 2020.

However, as long as smart contracts are written by humans, errors remain possible.

The key lies in continuous vigilance, regular security updates, and conscious risk management.

Your security is our top priority at WEEX! Open an account today, benefit from the highest standards, and protect your crypto optimally.

Secure your account!


FAQ - Frequently Asked Questions

Are Balancer V3 pools secure?

Yes, the team has confirmed that only V2 pools are affected and V3 pools do not have any security vulnerabilities.

Will there be a refund for affected users?

So far, there is no official announcement. The team continues to investigate the incident and is working with security firms.

How can I check if my pools are affected?

Check on the official Balancer website or via blockchain explorers like Etherscan to see if your liquidity positions are in V2 pools. V2 pools are the primary risk.

Which blockchains were affected?

Ethereum (largest damage with ~$100 million), Arbitrum, Base, Sonic, Polygon, Optimism, and Berachain.

Can other DeFi protocols be attacked in a similar way?

Yes, any protocol with similar vault architectures or access control vulnerabilities could be susceptible. At least 27 Balancer forks exist on various chains, many of which are potentially vulnerable.

What is Balancer doing now to prevent future hacks?

The team is working on patches for the affected contracts and conducting enhanced security audits. Details will be communicated via official channels.

How secure are DeFi platforms in general compared to centralized exchanges?

DeFi platforms have different risk profiles: smart contract risks instead of custody risks. Since 2020, DeFi security standards have improved significantly, with 98.4% fewer incidents in mature lending protocols.



Disclaimer – Legal Notice from WEEX Exchange

WEEX and its affiliates offer services for the exchange of digital assets, including derivatives and margin trading, only where legal and to eligible users. All content is general information, not financial advice – seek independent advice before trading. Trading cryptocurrencies involves high risk and can lead to a total loss. By using WEEX services, you accept all associated risks and terms. Never invest more than you can afford to lose. Further information can be found in our Terms of Use and in the Risk Disclosure.
