In a shocking turn of events, the Balancer Protocol has become a focal point for decentralized finance (DeFi) vulnerabilities, with over $116 million in crypto assets drained during a sophisticated exploit that unfolded on Monday morning. The alert was first sounded by blockchain analytics firm Lookonchain at approximately 9:12 AM, revealing an initial figure of $70.6 million siphoned off in crypto assets. Subsequently, the situation escalated rapidly, with reports indicating that the attacker had commandeered 6,587 WETH (worth around $24.46 million), 6,851 osETH (approximately $26.86 million), and 4,260 wstETH (approximately $19.27 million) across multiple blockchain networks—a testament to the orchestrated nature of this breach.
Source: DeBank
As the event unfolded, the stolen amount ballooned to a staggering $116 million within just 30 minutes, underscoring not only the technical precision of the exploit but also a stark reality for the DeFi sector—it is becoming increasingly vulnerable amid its rapid growth. With early indicators suggesting a well-coordinated operation, on-chain data revealed that the hacker’s DeBank portfolio held around $95 million, while a portion of $21 million appeared to be distributed across various wallets. This distribution seems to be a tactical maneuver aimed at obscuring the trail of the assets before attempting liquidation.
In the wake of this exploit, a wave of panic swept across Balancer-related projects. Reports emerged of security breaches and precautionary withdrawals from protocols that had been forked from Balancer. Notably, a previously dormant whale wallet suddenly sprang to life, withdrawing $6.5 million from Balancer pools, heightening concerns about the broader implications of the incident.
As major Ethereum-based protocols reacted, Lido—one of the leading liquid staking platforms—quickly confirmed that some Balancer V2 pools were affected but assured the community that its core protocol and user funds remained secure. Lido’s team expressed prudence, stating: “out of an abundance of caution, the Veda team — curators of Lido GGV — has withdrawn its unaffected Balancer position.” Aave, another heavyweight in the DeFi lending space, echoed this reassurance, indicating that it operates a customized version of Balancer’s V2 that is insulated from the vulnerabilities impacting the standard pools.
“We’re aware of a potential exploit impacting Balancer V2 pools. Our engineering and security teams are investigating with high priority. We’ll share verified updates and next steps as soon as we have more information.” — Balancer
While developers are scrambling to understand the root cause and extent of the loss, initial evidence hints at a complicated cross-chain exploit targeting the protocol’s unique liquidity architecture. Interestingly, this isn’t Balancer’s first brush with calamity; back in August 2023, the protocol experienced a $2 million drain due to a code vulnerability followed by another incident a month later involving a loss of over $900,000.
This latest exploit raises thorny questions about the ongoing security concerns plaguing decentralized finance, especially given that it transcended multiple blockchain ecosystems. The crypto space has already witnessed a string of significant losses in recent times: on September 8, for instance, the Nemo Protocol on the Sui blockchain fell prey to a cyberattack, losing $2.4 million just before a maintenance window. In light of these events, PeckShield’s report highlights a trend where September 2025 alone accounted for $127.06 million in crypto hacks.
But amidst this wave of despair, why do such hacks keep occurring? In a conversation with Mitchell Amador, CEO of Immunefi, he outlined three critical reasons:
- Static audits: Many enterprises depend on one-time security checks, leaving them vulnerable to evolving flaws.
- Ignoring incentives: The open-ledger appeal of Web3 can lure attackers, and many underestimate the need for competitive bounties.
- No Web3 expertise: Lack of prior blockchain experience means that many teams overlook essential risks.
As the community grapples with the aftermath of the Balancer exploit, one thing remains clear: the stakes in the DeFi landscape are rising, and vigilance is paramount. With these challenges come significant opportunities for innovation in security protocols and responses. How will the DeFi sector shape its future in the wake of such profound vulnerabilities? Only time will tell.