Balancer Hack Results in Over $100M Loss, Dealing a Devastating Blow to the DeFi Industry
Original Article Title: "Veteran DeFi Compromised: Balancer V2 Contract Vulnerability, Over $110 Million in Assets Stolen"
Original Article Author: Wenser, Odaily Planet Daily
Editor's Note: Today, the DeFi protocol Balancer fell victim to a hack, with the stolen funds now exceeding $116 million. Several projects have taken remedial actions: Lido has withdrawn its unaffected Balancer position, while Berachain has announced a network halt to conduct an emergency hard fork to address the Balancer V2-related vulnerability on the BEX.
Furthermore, Hasu, the Strategic Director of Flashbots and a Strategic Advisor to Lido, expressed in a post that "Balancer v2 went live in 2021 and has since become one of the most closely watched and frequently forked smart contracts. This is very concerning. Every time a contract that has been live for so long gets hacked, it sets DeFi adoption back by 6 to 12 months." The following is the original content:
On November 3, the veteran DeFi protocol Balancer was reported to have over $70 million in assets stolen. Subsequently, this news was confirmed by multiple parties, and the size of the stolen funds continued to grow. At the time of writing, the amount of assets stolen from Balancer had increased to over $116 million. Odaily Planet Daily will briefly analyze this incident in this article.
Balancer Hack Details: Loss Exceeds $116 Million, Mainly Due to v2 Pool Smart Contract Flaw
According to on-chain information, the Balancer attacker has now stolen over $116 million in assets, with the main stolen assets including WETH, wstETH, osETH, frxETH, rsETH, rETH, spread across multiple chains such as ETH, Base, Sonic, etc., where:
· Assets stolen on the Ethereum chain: approximately $100 million;
· Assets stolen on the Arbitrum chain: nearly $8 million;
· Assets stolen on the Base chain: nearly $3.95 million;
· Assets stolen on the Sonic chain: over $3.4 million;
· Assets stolen on the Optimism chain: nearly $1.57 million;
· Polygon On-Chain Asset Theft: Approximately $230,000.
Crypto KOL Adi posted that initial investigations indicate that the attack primarily targeted Balancer's V2 vault and liquidity pool, exploiting a vulnerability in smart contract interactions. On-chain investigators pointed out that a maliciously deployed contract manipulated the Vault call during pool initialization. Improper authorization and callback handling allowed the attacker to bypass protective measures, enabling unauthorized swaps between interconnected liquidity pools or balance manipulation, resulting in a rapid asset theft within minutes.
Based on the available information, there is no evidence of private key exposure; this is purely a smart contract vulnerability.
Audit firm kebabsec auditor and citrea developer @okkothejawa also mentioned, "The check error mentioned by @moo9000 may not be the root cause, as in all 'manageUserBalance' calls ops.sender == msg.sender. The security vulnerability may have occurred in a transaction prior to the creation of the contract that extracts assets, as it led to some state changes in the Balancer vault."
Balancer's official response stated: "Our team is aware of a potential vulnerability affecting Balancer v2 pools. Our engineering and security teams are actively conducting a high-priority investigation. Once we have more information, we will immediately share verified updates and next steps."
Berachain, which faces potential asset loss risks, also promptly responded. Following a post by the Berachain Foundation, Berachain founder Smokey The Bera stated, "The Bera node group has proactively paused the public chain operation to prevent the Balancer vulnerability from affecting the BEX (mainly the USDe three-pool).
· Instruct Ethena team to disable Bera bridging
· Disable/Suspend USDe deposits in the lending market
· Suspend HONEY token minting and exchange
· Communicate with CEXs and ensure hacker addresses are blacklisted
Our goal is to recover the funds as quickly as possible and ensure the safety of all LPs. The Berachain team will immediately release binaries to relevant node validators and service providers once ready (as this pool contains non-native assets, it involves some slot reconfiguration, not just modifying the Bera token balance)."
Balancer Attacker On-chain Information: https://intel.arkm.com/explorer/entity/cd756cb8-6a84-4f40-9361-f6c548544430
Balancer Hack: Cryptocurrency Whale Most Nervous
As a well-established DeFi protocol, Balancer's users are undoubtedly the most directly affected by this hack. For current users, actions that can be taken include:
· Withdraw funds from Balancer v2 pools to prevent further losses;
· Revoke Authorization: Use Revoke, DeBank, or Etherscan to revoke smart contract permissions from the Balancer address to avoid potential security risks;
· Stay Vigilant: Keep a close eye on the Balancer attacker's next moves and whether they will have a cascading impact on other DeFi protocols.
Additionally, a dormant cryptocurrency whale that has been inactive for 3 years has drawn attention in this hack.
According to LookonChain monitoring, a 3-year dormant crypto whale with the address 0x009023dA14A3C9f448B75f33cEb9291c21373bD8 has suddenly awakened after the Balancer platform vulnerability occurred. The whale is eager to withdraw its $6.5 million related assets from Balancer. On-chain information: https://intel.arkm.com/explorer/address/0x009023dA14A3C9f448B75f33cEb9291c21373bD8
Latest Development: Hacker Initiates Token Exchange Pattern
According to on-chain analyst Yu Jin's monitoring, the hacker of the Balancer hack has begun attempting to exchange many liquidity-staked tokens (LST) for ETH. Previously, the hacker exchanged 10 osETH for 10.55 ETH.
On-chain data shows that the hacker is continuously exchanging stolen assets across multiple chains for ETH, USDC, and other assets using the Cow Protocol. Currently, the hope of recovering these stolen assets seems slim.
In the future, whether Balancer can promptly identify the protocol contract vulnerability and recover the stolen assets quickly, or provide a corresponding solution, Odaily will continue to follow up.
You may also like
ZachXBT: Humanity private key leak and abnormal surge in H token should be viewed separately
On June 9, according to related disclosures, on-chain investigator ZachXBT posted an update on Humanity’s roughly $31 million security incident, saying that after further analyzing fund flows, he currently tends to believe the project team was not involved in an “inside job” or a self-staged attack. According to him, the official explanation about the private key leak was broadly accurate, but before the token unlock, the price of H had been artificially pushed higher, and the hacker later took advantage of that market environment; therefore, the private key leak and the earlier abnormal price pumping should be regarded as two separate and independent events. This reframing has shifted the market’s understanding of the nature of the incident. Earlier discussion around Humanity had focused on whether the team directly participated in the attack or used the security incident to cover up internal operations. ZachXBT’s latest remarks shift the focus from “whether it was self-theft” to “whether there were pre-unlock market structure issues.” He also questioned whether the team may have.
Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing
Morning Report | BitMine increased its holdings by 126,971 ETH last week; trader Eugene announced his exit from the crypto market
Wang Chuan: How can one not feel anxious after the neighbor Old Wang made thirty times profit by investing in storage stocks? (Seven) - A quarter-century cycle
Cryptocurrency CEXs are flocking to sell US stocks, and traditional brokerages are facing an "uninvited guest."
$75 billion in foreign capital has fled, and South Korean retail investors have absorbed it all using leverage
Japan’s Three Megabanks Plan Joint Stablecoin Issuance in Fiscal 2026
MUFG, SMBC, and Mizuho reportedly plan to jointly issue fiat-pegged stablecoins in fiscal 2026, signaling Japan’s growing push into bank-led digital payment infrastructure.
Humanity Discloses H Token Dual-Chain Attack Details, With Losses on Ethereum and BSC Exceeding $36 Million
Humanity said the H token attack across Ethereum and BSC caused more than $36 million in losses after leaked ProxyAdmin keys enabled malicious contract upgrades and token minting.
White House Discusses CLARITY Act With Law Enforcement Ahead of Senate Vote
The White House discussed the CLARITY Act with law enforcement ahead of a Senate vote, focusing on illicit finance risks and developer protections.
Bitcoin Trading Guide 2026: Strategies for Experienced Traders
What Is XAUT and PAXG? Why Tokenized Gold Is Booming in 2026
Will the SpaceX IPO Hurt Bitcoin? Here's What Traders Are Watching
Foreign selling in the South Korean stock market accelerates, with cumulative net sales reportedly reaching $75 billion this year
On June 9, The Kobeissi Letter, citing Goldman Sachs data, reported that global investors are selling South Korean stocks at an unusually rapid pace. In the latest trading session, foreign investors sold about $801 million worth of Kospi constituent stocks again; total foreign outflows last week reached about $10 billion, and the market has been in net foreign selling on nearly every trading day over the past month. According to the data cited in the report, foreign investors have sold about $75 billion worth of South Korean stocks so far this year. Meanwhile, South Korean retail and institutional investors together recorded roughly $69 billion in net buying over the same period, suggesting that the market’s main buying support has come from domestic capital rather than returning overseas funds. The information currently disclosed still mainly comes from The Kobeissi Letter’s retelling and Goldman Sachs data summaries, while public details on the statistical period and the specific definition of “selling” remain relatively limited.
Fortune Warns of Strategy’s Financing Structure Risks as Bitcoin Premium Narrows
Fortune warned that Strategy’s Bitcoin treasury model faces growing financing risks as MSTR’s net asset premium narrows and preferred stock dividend pressure increases.
Ferrari Challenge Le Mans: Carl Moon to Dominate in WEEX Livery
Sahara AI Responds to SAHARA’s Sharp Drop: No Contract or Product Security Issues Found, Internal Investigation Underway
Sahara AI responded to SAHARA’s 60% price drop, saying no token contract or product security issues have been found and an internal investigation is underway.
WEEX Deposit/Withdrawal Dynamic Island: Your Asset Status, Always in Sight
Scaling Crypto Derivatives: The Digital Asset Infrastructure Behind High-Volume Trading
In the fast-moving digital asset ecosystem, derivatives platforms face an extreme architectural test. High-leverage futures markets demand more than just standard security—they require absolute operational precision, zero-latency matching engines, and ironclad structural scalability, all while navigating intense market volatility.
As global platforms scale to meet these demands, the industry is shifting away from rigid, monolithic setups toward a more agile, "decoupled" infrastructure philosophy.
The Blueprint for High-Volume Copy TradingFor elite global exchanges like WEEX (founded in 2018), this architectural choice becomes critical when scaling high-volume retail features like social copy trading. When thousands of users automatically mirror the real-time strategies of elite traders simultaneously, it triggers sudden, monumental spikes in concurrent transactional volume.
To prevent execution latency or settlement bottlenecks during these peak volatility events, a platform's primary engine must remain entirely dedicated to risk management, copy-trade synchronization, and order matching.
The Architectural Rule: New-generation platforms must separate front-end user execution engines from heavy backend infrastructural overhead to eliminate operational friction.
By separating these layers, platforms can maintain complete sovereignty over their trading environments and user experiences while strategically aligning with institutional-grade infrastructure ecosystems. This strategic framework allows modern exchanges to leverage advanced Digital Asset Custody infrastructure such as Cobo’s behind the scenes, ensuring that backend wallet management scales elastically alongside trading spikes.
Capitalizing on Market Momentum and 400× LeverageIn a derivatives arena where platforms offer up to 400× leverage on perpetual contracts, capital efficiency and market agility are core business metrics. To capture market momentum, an exchange needs the ability to rapidly expand its asset offerings, supporting everything from legacy crypto assets to sudden, trending altcoins across a massive library of trading pairs.
Adopting a flexible, scalable Wallet-as-a-Service (WaaS) solution such as Cobo’s could completely rewrite the development timeline for high-growth exchanges. Instead of spending months of engineering capital building out custom backend wallet architectures for every new blockchain network, platforms can deploy localized infrastructure in days.
This agility allows platforms to instantly scale their listings to over a thousand trading pairs without compromising security or delaying time-to-market. It mirrors the exact operational advantages seen during high-velocity market events, similar to how advanced wallet infrastructure empowers platforms during sudden asset surges; allowing exchanges to pass that speed and liquidity directly to their global user base.
A Mature Foundation for GrowthThe synergy between trusted infrastructure ecosystems and global trading platforms represents the natural evolution of a maturing crypto market. As WEEX continues to scale its global spot and derivatives offerings for over 6 million users, adopting robust backend paradigms proves that platforms no longer have to compromise between cutting-edge trading velocity and uncompromised structural security.
ZachXBT: Humanity private key leak and abnormal surge in H token should be viewed separately
On June 9, according to related disclosures, on-chain investigator ZachXBT posted an update on Humanity’s roughly $31 million security incident, saying that after further analyzing fund flows, he currently tends to believe the project team was not involved in an “inside job” or a self-staged attack. According to him, the official explanation about the private key leak was broadly accurate, but before the token unlock, the price of H had been artificially pushed higher, and the hacker later took advantage of that market environment; therefore, the private key leak and the earlier abnormal price pumping should be regarded as two separate and independent events. This reframing has shifted the market’s understanding of the nature of the incident. Earlier discussion around Humanity had focused on whether the team directly participated in the attack or used the security incident to cover up internal operations. ZachXBT’s latest remarks shift the focus from “whether it was self-theft” to “whether there were pre-unlock market structure issues.” He also questioned whether the team may have.
Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing
Morning Report | BitMine increased its holdings by 126,971 ETH last week; trader Eugene announced his exit from the crypto market
Wang Chuan: How can one not feel anxious after the neighbor Old Wang made thirty times profit by investing in storage stocks? (Seven) - A quarter-century cycle
Cryptocurrency CEXs are flocking to sell US stocks, and traditional brokerages are facing an "uninvited guest."
$75 billion in foreign capital has fled, and South Korean retail investors have absorbed it all using leverage
