
The decentralized finance sector faced another major blow as Balancer, one of the industry’s most established liquidity protocols, fell victim to a sophisticated exploit draining roughly $129 million worth of assets.
The large-scale breach rippled across multiple blockchains – including Ethereum, Base, Optimism, Polygon, Sonic, and Berachain – prompting urgent responses from validators and developers.
Initial on-chain data revealed that attackers moved quickly to swap liquid staking tokens for ETH, indicating a coordinated operation rather than an isolated vulnerability. Security analysts reported the exploit originated from Balancer’s V2 vaults, where a flaw in smart contract permissions allowed hackers to manipulate internal transactions and bypass safety checks.
“We’re aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating with high priority. We’ll share verified updates and next steps as soon as we have more information.”
— Balancer (@Balancer) November 3, 2025
A Vulnerability Hidden in Plain Sight
Investigators believe the attackers used a malicious contract to intercept and redirect vault operations during pool creation, taking advantage of callback processes that weren’t properly restricted. This oversight enabled unauthorized token transfers between liquidity pools before balances could be updated, effectively draining funds across networks in a matter of minutes.
The exploit affected a wide range of tokens, including WETH, osETH, wstETH, sfrxETH, and rsETH – most of which are tied to Ethereum’s liquid staking ecosystem. According to blockchain trackers, one previously inactive whale wallet suddenly became active after the breach, withdrawing more than $7 million from Balancer shortly after the attack began.
Emergency Response from Berachain Validators
Among the hardest hit was Berachain, where the Bera Foundation moved quickly to suspend the network and initiate an emergency hard fork. Validators agreed to pause the chain to prevent further exploitation while recovery procedures took place.
Community figures confirmed that several DeFi partners, including Ethena, had temporarily disabled lending and bridging operations connected to Balancer’s infrastructure. Exchange platforms were also contacted to blacklist suspicious addresses linked to the attackers in an attempt to limit the movement of stolen funds.
Market Shock Hits BAL, BERA, and Staking Tokens
News of the exploit sent shockwaves through the market. Balancer’s native token, BAL, slid over 10% within hours, dropping below the $0.90 mark. BERA, the native token of Berachain, also fell by about 7%, while trading volumes in both assets spiked dramatically as users rushed to exit liquidity positions.
Tokens associated with liquid staking – such as LDO, RPL, and JTO – experienced sudden volatility amid fears of a broader liquidity crunch. Ethereum itself briefly dipped more than 4%, sliding to around $3,686 before stabilizing later in the day.
DeFi Security Under Scrutiny Again
The Balancer exploit reignites debate around DeFi’s readiness for institutional-scale adoption. Despite years of audits and widespread use, vulnerabilities in complex smart contracts remain a systemic risk. Analysts note that the multi-chain scope of the attack underscores how interlinked DeFi protocols can amplify damage when one component fails.
As investigations continue, Balancer’s team and external auditors are working to trace the stolen funds and identify the perpetrators. For now, the hack stands as one of 2025’s largest and most technically advanced DeFi breaches – a reminder that even established protocols are not immune to evolving threats in the decentralized finance landscape.