Balancer, the popular Automated Market Maker (AMM) and decentralized liquidity protocol, suffered a major hack early Monday morning around 9:30 a.m. UTC.
Attackers drained about $128 million in crypto across several chains, due to a bug in Balancer V2’s vault system.Â
What Happened To Balancer?
The Balancer V2 vault acts as a central hub for liquidity, holding tokens for all Balancer pools.Â
A specific function – manageUserBalance – didn’t properly check permissions, allowing attackers to withdraw funds they didn’t own.
Security teams from PeckShield, Cyvers, and Decurity spotted the issue and traced it to faulty access controls.Â
The attackers started on Ethereum, then moved on to other networks using Balancer’s design or code.
This included prominent Layer 2 networks such as Arbitrum, Base, Polygon, and Optimism, as well as Berachain and Sonic.Â
Assets, including StakeWise Staked ETH (osETH), Wrapped ETH (WETH), and Wrapped stETH (wstETH), were transferred into new wallets and began consolidating funds – potentially to launder them later.
As more networks reported losses, the running total exceeded $128M.
Why Did It Spread Across Protocols?
Balancer V2’s architecture places most tokens into one central vault to save gas, as well as make it easier to build new pool types.Â
This structure improves efficiency and flexibility for developers, but it also introduces a single point of failure.Â
When the vault’s access controls failed, the weakness didn’t remain isolated – every pool connected to that vault was suddenly exposed.
Several other protocols that reused or built on parts of Balancer’s open-source code were also exposed to the exploit.
This resulted in the following actions by projects based on Balancer’s code:
- Beets Finance reported roughly $3M affected.
- Beefy paused all products tied to Balancer V2.
- Berachain halted its entire chain while the core team prepared an emergency hard fork to protect around $12M in user funds.
Balancer’s Reaction
Balancer posted on X that engineering and security teams are treating the exploit as a top priority, however a post-mortem statement and report are still pending.
Market Reaction
Balancer (BAL) has now dropped more than 10% over the last 24 hours, as the hack coincides with a broader market sell-off.
The token is currently trading at $0.884, down from $0.983 on Sunday.
Crypto Hacks In 2025
Despite a quiet year for DeFi, crypto hacks have surged in 2025.
Chainalysis had already counted over $2.17B stolen by mid-2025 – already worse than the entirety of 2024.Â
This Balancer hit adds to that total and shows a trend: attackers are going after both big protocols and individual wallets.
What Should Users Do?
It is recommended that users pause all interactions with Balancer V2 pools (and any related apps) until the team publishes confirmed fixes.
Check official project channels — such as X accounts, Discord servers, or Websites — for a list of affected pools, and avoid trading affected tokens until a resolution has been verified.
