The decentralized finance (DeFi) ecosystem has been rocked by a significant security breach, with the protocol Balancer falling victim to a sophisticated exploit.
According to blockchain analytics platform Lookonchain, approximately $70.6 million worth of assets were initially transferred from Balancer’s pools earlier today. The incident, flagged at around 7:48 AM UTC, has sent shockwaves through the crypto community, raising fresh concerns about the vulnerabilities plaguing DeFi platforms.
Further reports put the stolen amount at over $128 million across multiple blockchain networks, as noted by PeckShieldAlert. The stolen assets include a number of wrapped ETH derivatives and other tokens, including WETH, osETH, wstETH, sfrxETH, rETH, as well as stablecoins like USDC and sUSDe, as per wallet data from DeBank.
How the exploit happened
The attackers exploited a vulnerability in Balancer v2’s “manageUserBalance” function, which was supposed to validate who can move funds when the smart contract is triggered. “Instead, it confused msg.sender with a user-supplied op.sender field,” notes Suhail Kakar, a popular developer in the DeFi landscape.
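The bug class described in the quote above, where the authorization decision is based on a caller-supplied field rather than on msg.sender, shown as an added example. This is a simplified model written for illustration, not Balancer's Vault code; ToyVault, UserBalanceOp and all function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration only; NOT Balancer's Vault code.
// All names here (ToyVault, UserBalanceOp, approveRelayer, ...) are hypothetical.
contract ToyVault {
    struct UserBalanceOp {
        address sender;    // account to debit, chosen by whoever builds the call
        address recipient; // account to credit
        uint256 amount;
    }

    mapping(address => uint256) public internalBalance;
    // owner => relayer => approved to act on the owner's behalf
    mapping(address => mapping(address => bool)) public approvedRelayer;

    // Credits the caller's internal balance (withdrawal is omitted in this model).
    function deposit() external payable {
        internalBalance[msg.sender] += msg.value;
    }

    function approveRelayer(address relayer, bool approved) external {
        approvedRelayer[msg.sender][relayer] = approved;
    }

    // Flawed: the check never involves msg.sender. op.sender comes from
    // calldata, so any caller can name any account as the source of funds.
    function transferUnchecked(UserBalanceOp calldata op) external {
        require(op.sender != address(0), "no sender");
        _move(op);
    }

    // Hardened: the debited account must be the authenticated caller,
    // or must have explicitly approved the caller as a relayer.
    function transferChecked(UserBalanceOp calldata op) external {
        require(
            op.sender == msg.sender || approvedRelayer[op.sender][msg.sender],
            "caller not authorized for op.sender"
        );
        _move(op);
    }

    function _move(UserBalanceOp calldata op) private {
        require(internalBalance[op.sender] >= op.amount, "insufficient balance");
        internalBalance[op.sender] -= op.amount;
        internalBalance[op.recipient] += op.amount;
    }
}
```

When reviewing a contract for this pattern, trace every address used as the source of funds back to msg.sender or to an approval that account granted on-chain.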
Balancer V2 was launched on May 11, 2021, marking a significant upgrade to its Automated Market Maker (AMM) protocol after over a year of development. This version introduced a centralized Protocol Vault to manage assets across all liquidity pools, enhancing efficiency and scalability for DeFi applications. This iteration used a single vault for all pools, even those on multiple chains, further broadening the scope of the attack.
Balancer team offers 20% bounty
The Balancer protocol officially confirmed the exploit, noting that its engineering and security teams are investigating the attack as a high priority.
Meanwhile, the attacker's wallet has received an on-chain message from the Balancer Security Team, asking the hacker to return the funds in exchange for a 20% bounty. “We are prepared to offer a one-time white-hat bounty equal to 20% of the recovered funds if the full amount deducting the white hat fee is returned immediately and to the address listed below. This offer will automatically expire 48 hours unless extended in writing.”
However, the Balancer team later clarified in an X post that it had not sent any message to the attacker. “Fraudulent messages claiming to be from the Balancer Security Team are circulating. These are not from us. Do not interact with unsolicited communications or click unknown links,” the team said.
Another DeFi protocol targeted by hackers
Balancer, a popular automated market maker (AMM) protocol, allows users to create and manage liquidity pools with customizable token weights. However, this flexibility appears to have been a double-edged sword, with the attacker exploiting a vulnerability—possibly related to rate manipulation in boosted pools, as noted in past incidents analyzed by security firm SlowMist.
Data from a 2023 SlowMist report highlighted similar issues, where a near 1:1 exchange ratio between assets like USDC and bb-a-USDC was manipulated for profit. This latest breach suggests that despite prior warnings, such vulnerabilities persist, underscoring the urgent need for enhanced security protocols.
At the time of publishing, Balancer had not released an official statement, leaving the crypto community guessing whether it is really an exploit or an internal transfer of some kind.
Over $3 billion in crypto stolen this year
This incident adds to a troubling theft trend in 2025, with hackers stealing over $3 billion in crypto assets year-to-date, according to Forbes. Earlier hacks, such as the $91 million bitcoin (BTC) scam in August and the $2.5 million Moby exploit in January, highlight the escalating sophistication of attacks.
The DeFi space now faces a critical juncture, with calls for real-time recovery systems and stricter security standards growing louder. Investors are urged to exercise caution, withdraw assets from affected pools, and monitor updates closely.
