Balancer Drained for $128M — An Inexcusable Failure in Smart-Contract Security

Lidia Yadlos · Nov 03, 2025

DeFi protocol Balancer is facing one of the largest hacks of 2025, with more than $128 million in digital assets drained across multiple pools, according to blockchain security firm PeckShield.

The attack, which struck Balancer’s v2 pools, triggered a wave of emergency withdrawals and security alerts across the DeFi ecosystem — and sparked renewed debate about smart-contract security and audit standards in Web3.

What Happened? A Coordinated Smart-Contract Exploit

On-chain data shows rapid, large-scale transfers from Balancer’s vault address (0xBA1…BF2C8) into a newly created attacker wallet. Assets siphoned include:

  • 6,851 osETH (~$26.9M)

  • 6,587 WETH (~$24.5M)

  • 4,260 wstETH (~$19.3M)

Multiple Balancer pools were drained in quick succession, suggesting a deep understanding of Balancer’s AMM logic and a deliberate exploitation of pool balance mechanics or swap-validation logic.
 
Security firms including Nansen and Arkham flagged the attack in real time, while a dormant whale wallet withdrew $6.5M from the protocol mid-exploit — a sign of growing panic among sophisticated users.

Balancer Confirms Incident, Investigations Underway

Balancer acknowledged the exploit, posting:

"We are aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating as a priority."

PeckShield confirmed the exploit is ongoing across chains, and early code analysis from Trading Strategy’s Mikko Ohtamaa points to a smart-contract validation flaw, possibly affecting older v2 forks as well.

A Pattern Emerging — Balancer’s Third Major Exploit

This isn’t new territory for Balancer. The protocol has now suffered three significant security breaches in five years:
 
Year | Exploit type | Losses

  • 2020 | Deflationary token exploit | ~$500K

  • 2023 | Boosted pool vulnerability | ~$900K

  • 2025 | Liquidity pool exploit | $128M+

The latest incident is by far the most severe — and one of DeFi’s largest hacks of 2025.

Market Reaction: BAL Drops as Users Flee

Balancer’s native token BAL fell 8% intraday, reflecting shaken confidence and fears of contagion risk. Analysts and on-chain monitors have advised users to avoid interacting with Balancer pools until a full assessment is completed.
 
Balancer currently holds $350M+ in TVL on Ethereum, per The Block — meaning additional funds could still be exposed.

Blockster Take: A DeFi Failure — and a Geopolitical Risk

For a protocol of Balancer’s stature, this isn’t a routine exploit — it’s a systemic security breakdown.
 
With modern smart-contract tooling, formal verification, and AI-powered audit engines readily available, a nine-figure flaw escaping review is inexcusable. This should have been caught in testing, code audits, or automated logic checks.
 
This hack isn’t just a DeFi loss — it’s a national-security concern. State-sponsored threat groups, especially North Korean cyber units, have repeatedly targeted DeFi to fund weapons programs. Given the sophistication and scale, this attack may directly strengthen hostile geopolitical actors.

DeFi platforms must take note: continuous code audits, automated exploit detection, AI-driven security layers, and real-time circuit breakers are no longer optional — they’re mandatory.

"Oops, we got hacked" cannot remain an industry excuse when billions and global security are on the line.

What Comes Next?

Security teams and auditors are dissecting the flaw, and Balancer is expected to publish a full post-mortem. As of now:

  • No funds have been recovered

  • Attacker wallet remains active

  • Cross-chain risks are being evaluated

DeFi builders, liquidity providers, and users are watching closely. How Balancer responds — speed, transparency, compensation, redesign — will determine whether trust survives this blow.