Exploit Drains Over $110 Million from Balancer Across Multiple Blockchains

Global: Exploit Drains Over $110 Million from Balancer Across Multiple Blockchains

Exploit Overview

On November 3, 2025, a security breach resulted in the unauthorized transfer of more than $110 million from the decentralized finance protocol Balancer. The incident affected assets on Ethereum, Polygon, Base and Sonic networks, and the perpetrators moved the funds to newly created wallets shortly after the theft.

Technical Flaw

According to the analysis, attackers leveraged a faulty access‑control check in the manageUserBalance function of Balancer’s v2 smart contract. The vulnerability allowed internal withdrawals without proper authorization, enabling the extraction of tokens from the protocol’s vaults.

Stolen Assets

The compromised funds included approximately 6,850 osETH, 6,590 wETH and 4,260 wstETH. Subsequent blockchain tracing indicated that the assets were consolidated into a series of wallets that appear to be used for laundering the proceeds.

Ripple Effect on Forked Protocols

The breach also impacted protocols that forked Balancer’s code, most notably Beets Finance, which reported a loss of roughly $3 million as a result of the same vulnerability.

Market Impact

Following the disclosure, Balancer’s native BAL token experienced a price decline of more than 10 percent, reflecting investor concerns about the protocol’s security posture.

Security History

This event marks the third major security incident involving Balancer since 2020, despite prior audits conducted by firms such as OpenZeppelin and Trail of Bits.

Balancer’s Response

Balancers’ development team has acknowledged the exploit, initiated a freeze on affected contracts, and announced a forthcoming security review. The team also indicated that they are working with external auditors to remediate the vulnerability and restore user confidence.This report is based on information from Web3 Is Going Great, licensed under Creative Commons Attribution 3.0 (CC BY 3.0). Analysis provided by Web3 Is Going Great.