Hackers ripped through Balancer’s smart contract defenses Wednesday, draining a staggering $116 million in digital assets from one of DeFi’s largest liquidity protocols. The attack, which began around 9:18 UTC on November 3, 2025, quickly escalated from initial estimates of $70 million as the exploit spread like wildfire across multiple blockchain networks. So much for security audits.
Another day, another DeFi collapse as hackers ransack Balancer for a cool $116 million across multiple networks.
The thieves made off with a crypto shopping spree: 6,587 WETH worth $24.5 million, 6,851 osETH valued at $26.9 million, and 4,260 wstETH at approximately $19.3 million. The damage wasn’t limited to Ethereum either. The hackers methodically drained funds across six networks, including Arbitrum ($8M), Base ($3.95M), and Sonic ($3.4M).
Technical analysis revealed the culprit: a critical vulnerability in Balancer’s V2 vault, specifically in the “manageUserBalance” function. The vulnerability stemmed from improper authorization checks during pool initialization. The flaw fundamentally gave attackers VIP access to everyone’s crypto. No private keys were compromised—just good old-fashioned smart contract bugs doing what they do best: losing people money.
Balancer, which held around $750 million in total value locked before the attack, saw its native BAL token tumble 5-10% as news spread. The protocol’s team acknowledged the breach and promised to investigate. Fat lot of good that does now. Investors would have been better protected had they employed tiered stop-loss orders to limit their exposure to the plummeting BAL token.
What makes this exploit particularly nasty is how it leveraged Balancer’s interconnected design against itself. The attackers used malicious contracts to bypass normal permission checks, manipulating the vault with unauthorized withdrawals via UserBalanceOpKind.WITHDRAW_INTERNAL. Fancy technical term for “we’re taking your money.”
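A defender-side check for the pattern described above, as an added example that is not Balancer's code or part of the original article: it scans decoded manageUserBalance calls for WITHDRAW_INTERNAL operations whose sender neither made the call nor approved the caller as a relayer. The record layout, addresses, transaction ids and amounts are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class UserBalanceOpKind(Enum):
    DEPOSIT_INTERNAL = 0
    WITHDRAW_INTERNAL = 1
    TRANSFER_INTERNAL = 2
    TRANSFER_EXTERNAL = 3

@dataclass(frozen=True)
class Op:                 # one decoded entry of the ops array (assumed layout)
    kind: UserBalanceOpKind
    asset: str
    amount: int
    sender: str
    recipient: str

@dataclass(frozen=True)
class Call:               # one decoded manageUserBalance call (assumed layout)
    tx: str
    caller: str           # the account or contract that invoked the vault
    ops: tuple

def is_authorized(caller, op, approved_relayers):
    """Funds may leave `sender` only if sender called, or approved the caller."""
    c, s = caller.lower(), op.sender.lower()
    return c == s or (s, c) in approved_relayers

def flag_unauthorized(calls, approved_relayers,
                      kinds=(UserBalanceOpKind.WITHDRAW_INTERNAL,)):
    """Return (tx, op index, sender, caller, amount) for each violating op."""
    findings = []
    for call in calls:
        for i, op in enumerate(call.ops):
            if op.kind in kinds and not is_authorized(call.caller, op, approved_relayers):
                findings.append((call.tx, i, op.sender, call.caller, op.amount))
    return findings

# Constructed sample data: placeholder addresses, not real on-chain values.
USER_A, USER_B = "0xusera", "0xuserb"
RELAYER, CONTRACT_X = "0xrelayer", "0xcontractx"
APPROVED = {(USER_B, RELAYER)}            # (user, relayer) approvals
W, D = UserBalanceOpKind.WITHDRAW_INTERNAL, UserBalanceOpKind.DEPOSIT_INTERNAL
CALLS = [
    Call("0xtx1", USER_A, (Op(W, "WETH", 100, USER_A, USER_A),)),
    Call("0xtx2", RELAYER, (Op(W, "WETH", 200, USER_B, USER_B),)),
    Call("0xtx3", CONTRACT_X, (Op(D, "WETH", 1, CONTRACT_X, CONTRACT_X),
                               Op(W, "WETH", 500, USER_A, CONTRACT_X))),
]

if __name__ == "__main__":
    for finding in flag_unauthorized(CALLS, APPROVED):
        print("unauthorized internal withdrawal:", finding)
```
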
The stolen funds were quickly shuffled into fresh wallets, likely prepping for a money-laundering tour through crypto mixers and bridges. This marks November’s first major DeFi hack, following an October that saw $88 million pilfered from various protocols. CEO Mikko Otamaa has suggested that a bug in validation logic was responsible for the vulnerability.
The crypto world’s security woes continue, and trust in composable DeFi takes another hit. Shocking absolutely no one.