A significant exploit has impacted the DeFi protocol Balancer, resulting in losses exceeding $116 million. Yesterday morning, an attacker drained funds from Balancer’s V2 Composable Stable Pools. While most losses were concentrated on Ethereum ($100 million), smaller amounts were also taken from other networks like Base, Sonic, Arbitrum, Optimism, and others. According to reports by Lookonchain, the hacker is currently converting stolen assets into Ethereum. 🕵️‍♂️ đź’° ,
Balancer’s team is collaborating with security researchers for an investigation.
The statement on X clarifies that all other Balancer pools remain unaffected. This incident only affects V2 Composable Stable Pools, and does not impact Balancer V3 or other Balancer pools.
To secure funds impacted by the exploit, Berachain validators implemented an emergency hard fork. StakeWise DAO also recovered approximately $20.7 million in assets from the exploiter. These funds will be returned to affected users based on pre-exploit balances.
While Balancer V2 has undergone multiple audits from prominent firms like Trail of Bits, OpenZeppelin, Certora, and ABDK, this incident highlights that even well-tested protocols are vulnerable. This event sparked concern about the security of DeFi systems as even trusted infrastructure was affected.