One of the decentralized finance (DeFi) sector’s longest established exchanges, Balancer, has suffered an ongoing smart contract hack, with losses totalling $129 million so far.
The exploit, which hit the exchange’s v2 liquidity pools on multiple blockchains, also reportedly affected projects which had “forked” Balancer’s code.
Just over two hours after the attack began, Balancer acknowledged the incident, stating it was “aware of a potential exploit impacting Balancer v2 pools.”
First launched in the run-up to 2020’s DeFi summer, Balancer’s v2 later expanded on the existing “constant product” model of automated market makers (such as Uniswap and Bancor) by introducing multi-asset and weighted liquidity pools.
Other large DeFi projects such as Aave and Lido have reassured users their tokens’ pools aren’t affected.
Lido and Flashbots’ Hasu remarked that Balancer’s v2 “is one of the most looked at and forked smart contracts since. It’s very scary.”
According to a preliminary analysis from blockchain security auditor Decurity, the “manageUserBalance” function contains a “faulty access check” which allows the hacker to withdraw funds.
It notes that, furthermore, “the Vault’s internal balance (_internalTokenBalance) was manipulated before the withdrawal.”
1inch’s Anton Bukov suspects exploitation of a rounding error.
Balancer previously fell victim to a $2 million hack in August of 2023 due to a “rate manipulation” vulnerability in its Boosted Pools.
The following month, it warned users of a front-end compromise. In March of 2023, $11 million of Balancer pool funds were drained via the hack on lending protocol Euler.
Cross-chain disaster
The exploit affected Balancer pools on multiple blockchains, with losses reported on Ethereum, Berachain, Arbitrum, Base, Sonic, Optimism and Polygon.
Berachain announced that “validators have coordinated to purposefully halt the Berachain network as the core team performs an emergency hard fork.”
DeFi data dashboard DeFiLlama lists 27 projects as forks of Balancer’s v2 code, with a combined total value locked (TVL) of $78 million. Beets, a Balancer fork on Sonic, was reportedly hacked for $3.4 million.
As the losses mounted, a Polymarket bet on whether the crypto community would see another hack with over $100 million in losses before the end of the year jumped from roughly 25% probability to over 99%.
The incident is ongoing and this article will be updated to reflect any major developments.
LIVE UPDATES
The sheer number of audits of Balancer’s v2 codebase shows that even the longest established DeFi projects may still contain vulnerabilities.
Wildcat’s Laurence Day extended sympathy to the Balancer team while reflecting on his use of Balancer pools for previous project Indexed Finance. Check out Protos’ review of the recent Code Is Law documentary, which features some of DeFi’s best known hacks.
Balancer exploit actually sucks to see: big fan of it as a protocol that got missed when it comes to its significance to Ethereum by the high priests
Indexed was built as a fork of V2 – it’s an excellent piece of equipment
My sympathies to the team/everybody affected – this bit is a nightmare
— laurence (@functi0nZer0) November 3, 2025
Roughly $600,000 has reportedly been saved by a whitehat bot operated by BitFinding.

