Balancer Hit by $128 Million Cross-Chain Exploit, Triggering Berachain Fork and Renewed DeFi Security Concerns

Access-Control Flaw in Balancer V2 Vaults Sparks One of 2025’s Largest Multi-Chain DeFi Attacks
TL;DR
- Over $128 million drained across six blockchains from Balancer V2 vaults after an access-control flaw was exploited.
- Berachain halted operations and launched an emergency hard fork due to exposure through Balancer-derived code.
- Balancer offered a 20% bounty and warned the attacker of identifiable access logs linking IPs to on-chain activity.
Balancer, one of DeFi’s longest-running automated market makers, faced a severe security breach on November 3, 2025, when an exploit reportedly drained more than $128 million worth of digital assets across six blockchains. The incident quickly escalated into one of the year’s largest cross-chain DeFi hacks, hitting Ethereum, Arbitrum, Base, Sonic, Optimism, and Polygon networks simultaneously.
The breach originated from a faulty access-control check inside Balancer V2 vault contracts, allowing the attacker to issue unauthorized withdrawal commands. Blockchain analysts from Nansen, PeckShield, and Lookonchain traced the earliest suspicious transfers, totaling $70.9 million in staked Ether tokens, including 6,850 StakeWise Staked ETH (osETH), 6,590 Wrapped Ether (WETH), and 4,260 Lido wstETH. Over the next few hours, the estimated losses rose to $116.6 million before settling above $128.64 million as further cross-chain vaults were compromised.
The Balancer team confirmed the exploit through an official X post, saying its “engineering and security teams are investigating with high priority.” Analysts described the flaw as a classic access-authorization oversight in smart-contract logic, where a missing validation check enabled the attacker to trigger withdrawals across shared liquidity vaults. Nicolai of Nansen remarked, “Losses are now greater than $100 million and have affected Balancer V2 plus various forks.” The exploit’s multi-chain spread was facilitated by Balancer’s composable architecture, allowing multiple pools to share common logic. That design efficiency turned into systemic exposure once the attacker manipulated callback handling across integrated chains.

A dormant wallet inactive for three years suddenly reactivated during the hack, withdrawing large sums from Balancer pools. Forensics from PeckShield identified that the attacker’s addresses have not yet swapped or laundered most of the stolen tokens, leaving the assets largely in wrapped or staked Ether derivatives.

Balancer published an on-chain message to the exploiter offering a 20 percent white-hat bounty if the funds are returned in full. The message included a direct warning that network partners had collected access-log metadata linking specific IP ranges and ingress timestamps to the attacker’s blockchain transactions. Security firm Cyvers added that total cross-chain activity connected to the breach could exceed $84 million beyond the initially confirmed amount.

The shockwaves extended beyond Balancer’s ecosystem. Berachain, a network utilizing Balancer V2-based contracts for its decentralized exchange BEX, was forced to halt block production and execute an emergency hard fork to isolate the compromised vault logic. The Berachain Foundation stated, “Validators have coordinated to purposefully halt the network as the core team performs an emergency hard fork to address Balancer V2-related exploits.” Approximately $12 million in user assets on Berachain were placed at risk during containment. Market analysts flagged this event as a major stress test for cross-chain interoperability, with shared DeFi architectures exposing multiple ecosystems to cascading vulnerabilities.

The protocol’s native token BAL fell by over 11 percent following the incident, while Balancer’s total value locked plunged from $750 million to below $620 million within 24 hours, according to aggregated price-index data. The contraction in market capitalization reflected investor caution, echoing sentiment seen during earlier protocol incidents. Despite the breach, Balancer’s V3 deployment remained operational and reportedly unaffected, though deposits and withdrawals in affected V2 pools were frozen pending audit verification. Security specialists urged users to revoke contract approvals using tools like Revoke.cash or Etherscan to prevent further losses.
Historically, Balancer has endured multiple security setbacks. A June 2020 flash-loan exploit drained $500,000 in tokens; an August 2023 vulnerability led to nearly $1 million in stablecoin losses; and a September 2023 DNS hijack stole $238,000 through its web front end. This latest incident, however, eclipses prior breaches both in scale and complexity, reigniting debate over DeFi’s composability risks.
Experts warned that even audited contracts (Balancer V2 underwent over 10 independent reviews) remain vulnerable when core logic is shared across multiple networks. The episode may attract renewed regulatory scrutiny over cross-chain DeFi security and smart-contract governance, especially as institutional interest continues to expand. Analysts noted that while broader crypto prices have stayed relatively stable, investor focus is shifting toward liquidity safety and code transparency rather than short-term market-cap fluctuations.
This article has been refined and enhanced by ChatGPT.