Hackers exploited a vulnerability in Balancer, a decentralized finance (DeFi) protocol, stealing over $120 million in cryptocurrency, with at least $99 million in ETH compromised. The attack was traced to faulty access control mechanisms, allowing attackers to bypass security measures. Balancer paused affected pools and initiated recovery mode, collaborating with security and legal teams for a thorough investigation. The incident prompted warnings about fraudulent messages impersonating Balancer’s security team. Several associated platforms (e.g., Berachain, Gnosis, Sonic) took emergency actions, freezing stolen funds where possible. While Balancer had undergone 10+ audits and maintained bug bounty programs, this exploit marks one of its most severe breaches. The attack aligns with a broader trend of North Korean state-sponsored hackers targeting DeFi platforms, with over $2 billion stolen in H1 2025, funding illicit programs like ballistic missile development.

Balancer, a decentralized exchange (DEX) and liquidity protocol, suffered a major security breach resulting in losses exceeding $116.6 million in digital assets. The ongoing attack involved the transfer of 6,587 WETH (~$24.46M), 6,851 osETH (~$26.86M), and 4,260 wstETH (~$19.27M) from Balancer’s pools to an attacker-controlled wallet. The exploit remains active, with no immediate mitigation confirmed. While Balancer’s team acknowledged the incident and promised compensation for affected users, the breach underscores persistent vulnerabilities in DeFi infrastructure despite regulatory scrutiny and prior security enhancements. This marks a recurrence, following a smaller $238,000 theft in 2023. The attack’s scale and direct financial impact on users and the protocol’s reputation highlight systemic risks in decentralized finance (DeFi) platforms.

Balancer, a decentralized finance (DeFi) protocol built on Ethereum, suffered a major exploit targeting its V2 Compostable Stable Pools, resulting in losses exceeding $128 million. The attack exploited a precision rounding error in the Vault’s swap calculations, where token amounts were rounded down during swaps, creating small discrepancies that the hacker compounded through repeated batchSwap operations, leading to severe price distortions. Alternative theories suggest the breach stemmed from improper authorization and callback handling in the V2 vaults, allowing a maliciously deployed contract to bypass safeguards and manipulate pool balances.The incident did not affect other Balancer pools, including V3, but raised concerns about security despite the protocol undergoing 11 audits since 2021. Following the attack, a phishing attempt impersonated Balancer, offering the hacker a fake 20% 'white-hat bounty' in exchange for returning the funds, while threatening legal action. The exploit ranks among the largest DeFi heists of 2025, with North Korean hackers suspected as the likely perpetrators, given their history of high-profile crypto thefts, including a $1.5 billion attack on Bybit earlier in the year.