Balancer V2, one of the most prominent automated market makers (AMMs), has suffered a large-scale security incident. The Balancer data breach exposed a critical Balancer vulnerability within its smart contract infrastructure, allowing an attacker to siphon as much as $128 million worth of digital assets from the platform in minutes.
The Balancer data breach stemmed from a flaw in the V2 vault and its liquidity pools. Investigations by blockchain analysts revealed that a maliciously deployed contract exploited Balancer’s pool initialization process. This contract manipulated internal calls in the vault, bypassing protection meant to prevent unauthorized swaps or balance changes.
The vulnerability was tied to a faulty check in the manageUserBalance function, where the internal validation mechanism (_validateUserBalanceOp) could be bypassed. By exploiting this loophole, the attacker was able to specify unauthorized parameters and drain funds from the vault without proper permission.
The attack began with a series of rapid Ethereum mainnet transactions before expanding across several networks. The composable design of Balancer V2, where multiple pools share a single vault, amplified the impact, making it easier for the exploit to spread.
Extent of the Balancer Data Breach
Preliminary data shows the attacker stole between $110 million and $116 million, with some estimates reaching $128 million, making it one of the largest DeFi exploits of 2025.
The stolen assets included several liquid staking derivatives and wrapped tokens such as WETH, wstETH, osETH, frxETH, rsETH, and rETH. Most of the funds—around $70 million- were drained from the Ethereum mainnet, while the Base and Sonic networks lost approximately $7 million combined. Other chains accounted for at least $2 million in additional losses.
On-chain activity shows that the stolen assets were funneled into newly created wallets, with funds later moved through cross-chain bridges and likely laundered through privacy mixers.
Despite the extensive nature of the Balancer vulnerability, investigators confirmed that no private keys were compromised; the breach was purely a smart contract exploit.
Security Audits and Community Reactions
What makes the Balancer hack particularly interesting is that the protocol had undergone more than ten independent audits. Its V2 vault was reviewed three separate times by different security firms. Yet the exploit still occurred, a fact that has reignited debate over the reliability of DeFi audits.
Suhail Kakar noted on X (formerly Twitter):
“Balancer went through 10+ audits. The vault was audited three separate times by different firms—still got hacked for $110M. This space needs to accept that ‘audited by X’ means almost nothing. Code is hard, DeFi is harder.”
Other blockchain researchers echoed similar concerns, emphasizing that composable DeFi systems—where smart contracts interact in complex, interdependent ways—create additional attack vectors even when individual components appear secure.
This is not Balancer’s first security challenge. The platform previously suffered smaller incidents, including a $520,000 exploit in June 2020, an $11.9 million attack in March 2023, and a $2.1 million loss in August 2023 due to precision vulnerabilities in its V2 Boosted Pools.
User Warnings and Aftermath
Experts urged users exposed to Balancer V2 pools to take immediate precautions:
- Withdraw funds from affected pools as soon as possible.
- Revoke smart contract approvals for Balancer-related addresses via platforms such as Revoke, DeBank, or Etherscan.
- Monitor wallet activity using tools like Dune Analytics or Etherscan to spot unusual transactions.
- Stay informed by following updates from auditors and blockchain security firms such as PeckShield and Nansen.
The impact of the Balancer hack was felt across the broader DeFi market. The BAL token dropped by roughly 5–10% in value, and Balancer’s total value locked (TVL) decreased sharply as liquidity providers withdrew funds amid growing uncertainty.
