The decentralized finance protocol Balancer confirmed late Monday that an exploit drained more than $116 million from its V2 Composable Stable Pools, in what has become one of the largest DeFi breaches of the year.
In an official post on X, the Balancer team said the attack occurred around 7:48 AM UTC, affecting only its V2 Composable Stable Pools, an older version of the protocol launched in 2021. The team stated that “any pools that could be paused have been paused and are now in recovery mode,” adding that Balancer V3 and other pools remain unaffected.
The statement came hours after blockchain investigators and security analysts sounded the alarm.
Lookonchain estimated that the total stolen funds had surged to $116.6 million, spread across multiple networks including Ethereum, Polygon, and Base.
Other analysts, such as OnchainLens, confirmed that the attacker had begun moving the stolen funds, prompting fears that the assets could soon be laundered through secondary DeFi platforms.
Code flaw across multiple networks
Preliminary findings suggest the attacker exploited a long-standing flaw in Balancer V2’s “manageUserBalance” function, a component that determines which addresses can initiate fund transfers during contract execution.
According to independent developer Suhail Kakar, the function misidentified the message sender, effectively giving attackers permission to move assets without proper validation.
This flaw, buried deep in Balancer’s shared vault system, allowed the exploiter to drain funds linked across several blockchains.
The stolen tokens included 6,850 osETH, 6,590 WETH, and 4,260 wstETH, among others. Security firm Cyvers described the incident as “suspicious” early this morning.
The broader fallout has left multiple projects reeling. Beets Finance, one of the protocols built atop Balancer’s infrastructure, confirmed losses of over $3 million and said roughly $60 million in assets remain at risk until full remediation is achieved.
At its peak, Balancer managed about $700 million in total value locked, according to DefiLlama, making this breach a major blow to one of DeFi’s most established automated market makers.
Another day, another exploit
The Balancer exploit comes just months after the team launched Balancer V3, marketed as a more secure and modular upgrade.
Analysts now point out that the recent website hijack, which saw hackers steal $238,000 in crypto by mimicking Balancer’s official frontend, further highlights the protocol’s ongoing security challenges.
The firm reiterated its warning to investors and users to avoid unofficial links or messages, noting that only updates shared via its verified X account and Discord server should be trusted.
As Balancer works with auditors and law enforcement to trace both the $116+ million exploit and the newer website breach, the community remains on edge.
Ongoing DeFi security gaps
The Balancer exploit and subsequent website hijack have reignited a debate that’s haunted decentralized finance since its inception: how much freedom is too much when billions in user assets are at stake?
The sector’s promise of open, permissionless systems continues to clash with its recurring vulnerability to human error and code exploits.
As developers push for more automation and transparency, the latest incidents expose the limits of “trustless” systems in practice. Without stronger recovery tools and unified security standards, DeFi’s credibility risks eroding under the same openness that made it revolutionary.
Update: This article was updated on November 5, 2025 to delete the previous information that incorrectly stated a 20% white-hat bounty for the return of the remaining funds.
Also read: Berachain Validators Halt Network in Wake of $117M Balancer Exploit
