Balancer suffers $116M exploit targeting wrapped ETH

Balancer, one of the oldest DeFi protocols, has been exploited on multiple chains. Within an hour, the estimated losses expanded from $70M to over $116M. 

Balancer was the target of the most recent attack against DeFi, targeting wrapped ETH and other assets on multiple chains. The initial estimates were for losses of $70M, but the attack was ongoing, quickly reaching $116M. 

The Balancer attack arrived after several relatively quiet months, when hackers selected more obscure protocols. Balancer may line up among the biggest DeFi hacks for 2025. Soon after the exploit, a whale dormant for over three years moved in to withdraw the entire stake from Balancer. 

As DeFi protocols remain more popular for passive yield, they also become more attractive for hackers. 

Balancer was exploited for $91M on the Ethereum L1 chain, though assets were also taken on Arbitrum, Base, and Optimism. Soon after the initial attack, the hacker started splitting the assets to new wallets.

Balancer exploited through ongoing smart contract interactions

The current Balancer hack may be due to a flawed smart contract, which allowed the attacker to mint unauthorized tokens. Some of the token interactions included functions like ‘approve infinite wstETH’. 

The Balancer attack wallet was identified, currently holding multiple versions of wrapped ETH on several chains. The coins have not been unwrapped or traded. If the hacker decides to swap some of the assets, this may further exacerbate problems with other DeFi protocols, or crash the price of ETH. 

Following the hack, ETH traded at $3,735.04. ETH remains a frequently attacked asset, due to the ease of swapping, trading, or mixing. 

The Balancer exploit arrived just days after a smaller theft of $5.5M from the Garden Finance bridge. As Cryptopolitan reported, in the whole month of September, 20 thefts led to a total loss of $127M. 

Balancer V2 pools were affected

Following the attack, Balancer reacted on Discord, stating that mostly V2 pools were affected. Balancer V2 carries relatively limited volumes, though the DEX reported an anomaly of $26B traded in the past 24 hours, based on CoinGecko data. Balancer announced it is working with security experts on the next step. 

According to the exchange team, V3 remains unaffected, though there are conflicting data that the hacker attempted to break multiple vaults. Currently, V2 is still leading in terms of volumes, though V3 attempts to become the main trading venue with growing stablecoin activity. 

Balancer activity has remained relatively low compared to newer DEXs and DeFi platforms. The chain locked in $678M, down from a peak $3.11B in 2022. The platform attempted to renew its influence during the latest bull cycle. 

The hack hardly affected the BAL native token, which is traded on low volumes and has lost over 99% of its value since launch. 

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.