Balancer Protocol hack: what happened?

Balancer, one of Ethereum’s most established automated market makers, has suffered what appears to be its largest-ever ￰0￱ than $100 million in digital assets were drained from its vaults in a sophisticated attack that has sent shockwaves through the crypto ￰1￱ drained from Balancer vaults On November 3, 2025, blockchain security firms began sounding the alarm after on-chain data showed massive outflows from Balancer’s main vault ￰2￱ to PeckShield, over $128 million worth of assets — including osETH, WETH, and wstETH — were withdrawn from Balancer’s “0xBA1…BF2C8” ￰3￱ @PeckShieldAlert · Follow Update: @Balancer and its forks are under attack, with total losses across multiple chains reaching ~$128.64M so far. 3:11 pm · 3 Nov 2025 151 Reply Copy link Read 26 replies The stolen assets were quickly moved to external wallets, with one main wallet consolidating tens of millions of dollars across multiple ￰4￱ soon confirmed awareness of a “potential exploit impacting Balancer V2 pools,” stating that its engineering and security teams were investigating with ￰5￱ @Balancer · Follow We’re aware of a potential exploit impacting Balancer v2 ￰6￱ engineering and security teams are investigating with high priority.

We’ll share verified updates and next steps as soon as we have more information. 3:20 pm · 3 Nov 2025 4 Reply Copy link Read more on Twitter The exploit affected Balancer’s version 2 vaults, which hold all tokens from every Balancer pool in a central contract rather than in separate pool ￰7￱ design, introduced to simplify pool creation and management, now appears to have created a single point of vulnerability that attackers ￰8￱ the exploit worked Early analysis by security firms Decurity and PeckShield points to a faulty access control in Balancer’s manageUserBalance ￰9￱ bug originated from the validateUserBalanceOp check, which incorrectly compared ￰10￱ with a user-supplied ￰11￱ logical flaw allowed attackers to trigger unauthorised internal withdrawals using the UserBalanceOpKind.

WITHDRAW_INTERNAL operation — effectively enabling them to drain funds from Balancer’s core vault without ￰12￱ Phalcon later provided a deeper look at the mechanics behind the ￰13￱ firm described it as a highly sophisticated attack that manipulated the invariant used to calculate Balancer Pool Token (BPT) ￰14￱ Arbitrum, for instance, the attacker executed a series of swaps that distorted the pool’s price calculation by exploiting rounding ￰15￱ deflating the BPT price, the attacker was able to profit from a batch swap and then restore balance, pocketing millions in the ￰16￱ of the hack spreads across chains and forks The Balancer attack wasn’t limited to ￰17￱ observed coordinated outflows across several chains, including Sonic, Polygon, and ￰18￱ projects that rely on Balancer’s infrastructure were also ￰19￱ Finance, one such fork, confirmed losses of around $3 ￰20￱ Alerts reported that one of the attacker’s wallets had been funded through Tornado Cash before the exploit ￰21￱ address subsequently received more than $84 million across multiple chains, raising serious concerns about potential laundering through decentralised mixers and cross-chain bridges. 🚨 Cyvers Alerts 🚨 @CyversAlerts · Follow 🚨ALERTS🚨Our system has detected multiple suspicious transaction involving @Balancer !

(still ongoing)It seems that an address funded by @TornadoCash has executed a malicious transaction and received more than 84M across multiple chains! Further details will follow! Want to 2:27 pm · 3 Nov 2025 43 Reply Copy link Read 2 replies In the midst of the chaos, a whale wallet that had been inactive for over three years withdrew $6.5 million from Balancer, seemingly out of fear that the situation could ￰22￱ third major hack for Balancer This latest exploit marks Balancer’s third major breach since ￰23￱ first involved deflationary tokens and cost about $500,000, while the second in 2023 targeted its “boosted pools,” resulting in nearly $900,000 in ￰24￱ time, the scale is exponentially larger — making it one of the most damaging DeFi attacks of 2025.

Balancer’s native BAL token reacted sharply to the news, dropping more than 10% intraday and over 15% from its weekly ￰25￱ (BAL) token price chart |