Balancer V2 Loses $128 Million in Sophisticated Multi-Chain Exploit

On November 3, 2025, Balancer V2 suffered its largest security breach to date when an attacker drained $128.6 million across seven blockchains. The exploit targeted V2 Composable Stable Pools through a two-pronged attack that combined precision rounding manipulation of the pool invariant with a reported access control bypass, and it affected not only Balancer but 27+ protocol forks sharing its codebase. Despite 11 security audits from top-tier firms including OpenZeppelin, Trail of Bits, Certora, and ABDK, the vulnerability went undetected in production code that had been live for several years. This is Balancer's third major breach since 2020, and it raises fundamental questions about current DeFi security practices.
The vulnerability combined a rounding flaw in pool math live since 2021 with a reported access control weakness
The attack began at 7:48 AM UTC on November 3, 2025, when the exploiter started sending transactions against Balancer's V2 Vault, the single contract that holds the tokens of every V2 pool. Security firm BlockSec identified the primary vulnerability as invariant manipulation through accumulated precision rounding errors in the Composable Stable Pool swap math, driven through the Vault's batchSwap function, which lets many small swaps execute inside one transaction. A second vector, reported by Defimon Alerts, involved a faulty access control check in the manageUserBalance function: _validateUserBalanceOp was said to validate msg.sender against the user-supplied op.sender parameter, which would allow UserBalanceOpKind.WITHDRAW_INTERNAL operations without proper authorization and let the attacker trigger internal balance withdrawals from the Vault.
The attack itself ran in three stages. In the boundary positioning stage, the attacker swapped BPT (Balancer Pool Tokens) for underlying assets, precisely adjusting one token balance (cbETH in the documented Arbitrum transactions) down to a rounding boundary of 9 wei. In the invariant manipulation stage, the exploiter swapped carefully chosen quantities of 8 wei between underlying assets such as wstETH and cbETH. Composable Stable Pools scale token amounts by a rate before applying the math, and that scaling rounded down: an 8 wei input that should have scaled to about 8.918 units was treated as 8, an error of more than 10 percent that is negligible for whole-token amounts but dominant at wei scale. The understated Δx led the pool to underestimate Δy, and the invariant D, which in Curve's StableSwap model represents the pool's virtual total value, was pushed artificially low. Because BPT price equals D divided by total supply, BPT became artificially cheap. In the profit extraction stage, the attacker swapped underlying assets back into BPT at the deflated price, received excess BPT, and withdrew liquidity to extract the underlying assets.
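To make the rounding mechanism above concrete, here is a simplified model, added as an illustration and not taken from Balancer's contracts or from any post-mortem. It uses a two-token Curve-style StableSwap invariant; the cbETH and wstETH rates (1.1148 and 1.2), the amplification factor and the balances are assumed values. It shows (a) that flooring a rate-scaled amount loses over 10% at 8 wei and nothing at 8 whole tokens, and (b) that computing D from a floored 9-wei balance understates D, and hence D / totalSupply, by about 0.1% in this configuration, versus a negligible gap when the same token balance is 9 whole tokens.

```python
"""
Added illustration (not Balancer code): why floor-rounding of rate-scaled
amounts only matters at wei scale, and how it understates the StableSwap
invariant D and therefore the BPT price D / totalSupply.

Simplified two-token Curve-style model. Balancer's StableMath differs in
details (amplification precision, swap fees, BPT held inside the pool).
Rates, balances and the amplification factor are assumed values.
"""
from __future__ import annotations
from fractions import Fraction

ONE = 10**18                              # fixed-point unit for rates
CBETH_RATE = 1_114_800_000_000_000_000    # assumed: 1 cbETH = 1.1148 ETH-equivalent
WSTETH_RATE = 1_200_000_000_000_000_000   # assumed: 1 wstETH = 1.2 ETH-equivalent
RATES = (CBETH_RATE, WSTETH_RATE)
AMP = 100                                 # amplification coefficient A (Curve convention)


def upscale_down(amount: int, rate: int) -> int:
    """Scale a raw token amount into the pool's common unit, rounding down
    (the mulDown-style behaviour the article describes)."""
    return amount * rate // ONE


def floor_loss(amount: int, rate: int) -> Fraction:
    """Fraction of value lost to the floor, relative to the exact scaled amount."""
    exact = Fraction(amount * rate, ONE)
    return (exact - upscale_down(amount, rate)) / exact


def stable_invariant(amp: int, balances: list[int]) -> int:
    """Curve-style StableSwap invariant D by integer Newton iteration on
    A*n^n*sum(x) + D = A*n^n*D + D^(n+1) / (n^n * prod(x))."""
    n = len(balances)
    if any(b <= 0 for b in balances):
        raise ValueError("all balances must be positive")
    s = sum(balances)
    ann = amp * n
    d = s                                  # start above the root; Newton descends to it
    for _ in range(255):
        d_p = d
        for x in balances:
            d_p = d_p * d // (x * n)       # builds D^(n+1) / (n^n * prod(x))
        d_prev = d
        d = (ann * s + d_p * n) * d // ((ann - 1) * d + (n + 1) * d_p)
        if abs(d - d_prev) <= 1:
            return d
    raise ArithmeticError("invariant did not converge")


def bpt_price_gap(raw_balances: list[int], rates=RATES, amp=AMP) -> Fraction:
    """Relative amount by which D computed from floored scaled balances falls
    short of D computed from exact scaled balances. BPT price is D / totalSupply
    and totalSupply is unchanged, so this is also the BPT price gap."""
    floored = [upscale_down(b, r) for b, r in zip(raw_balances, rates)]
    # Exact values: keep the full product (1e18x resolution) instead of dividing.
    # D is homogeneous of degree 1, so D(1e18 * x) == 1e18 * D(x) up to integer noise.
    exact_hi = [b * r for b, r in zip(raw_balances, rates)]
    d_floored = stable_invariant(amp, floored) * ONE
    d_exact = stable_invariant(amp, exact_hi)
    return Fraction(d_exact - d_floored, d_exact)


if __name__ == "__main__":
    # Boundary positioning: at wei scale the floor is a double-digit percentage
    # error; the same quantity in whole tokens loses nothing.
    for amt in (8, 9, 17, 8 * ONE):
        print(f"{amt:>22} wei cbETH -> scaled {upscale_down(amt, CBETH_RATE)} "
              f"(floor loss {float(floor_loss(amt, CBETH_RATE)):.2%})")
    # Invariant manipulation: cbETH pinned to 9 wei beside 1000 wstETH (constructed),
    # versus the same pool with an ordinary 9 cbETH balance.
    pinned = [9, 1000 * ONE]
    normal = [9 * ONE, 1000 * ONE]
    print(f"BPT price understated by {float(bpt_price_gap(pinned)):.4%} with 9 wei cbETH")
    print(f"BPT price understated by {float(bpt_price_gap(normal)):.2e} with 9 cbETH")
```

Run it directly to print the table. The point is the ordering of magnitudes, not the exact figures: the same floor that is harmless on whole-token amounts becomes a 10% error at 8 wei, and a tiny balance makes D, and with it the BPT price, visibly sensitive to that error.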
Nansen research analyst Nicolai Sondergaard explained the mechanism: "The exploiter apparently faked a pile of fees into Balancer's fee account, then hit withdraw, turning fake credits into real assets." Security firm Defimon Alerts first publicly identified the vulnerability at approximately 9:18 AM UTC, tweeting that "manageUserBalance in @Balancer has a faulty access check. In _validateUserBalanceOp it checks msg.sender against user supplied op.sender. It allows to execute UserBalanceOpKind.WITHDRAW_INTERNAL (kind = 1)."
Attack execution demonstrated months of preparation and professional operational security
The attacker's funding revealed extensive preparation. Coinbase director Conor Grogan's analysis found that the exploiter had seeded the attack account via Tornado Cash, moving 100 ETH in small 0.1 ETH increments to avoid drawing attention. Grogan noted that the absence of any recent 100 ETH deposit to Tornado Cash suggested the funds came from earlier exploits, indicating that this was not an isolated attack but part of a larger pattern of sophisticated crypto theft.
The attack unfolded simultaneously across multiple blockchains with surgical precision. Ethereum mainnet bore the brunt with approximately $99-100 million drained (77% of total losses), followed by Berachain at $12.86 million, Arbitrum at $6.86 million, Base at $3.9 million, Sonic at $3.44 million, Optimism at $1.58 million, and Polygon at $232,000. The stolen assets comprised primarily liquid staking tokens: 6,587 WETH ($24.5M), 6,851 osETH ($26.9M), and 4,260 wstETH (~$19.3M).
Three primary attacker addresses were identified on Ethereum: 0xaa76…8e3f holding approximately $100M (63.98% WETH, 26.92% osETH, 9% wstETH), 0x827…80f4 with ~$13.5M, and 0x0453…941c containing ~$3.7M. A secondary consolidation address 0x506D19…AE03207 aggregated funds before laundering began. No operational security leaks were identified: no social engineering traces, no compromised accounts, and professional-grade execution, which suggests either state-sponsored actors or a sophisticated cybercrime organization.
The exploit affected Balancer forks across the entire DeFi ecosystem
The vulnerability's impact extended far beyond Balancer itself, affecting the broader ecosystem of protocols built on or forking Balancer V2 codebase. DeFiLlama identified 27 distinct Balancer V2 forks with combined TVL of $78 million, all potentially vulnerable to the same exploit. Confirmed affected protocols included Beets Finance on Sonic chain (losses of $3.4M), Beethoven X on Optimism (losses of $283K), and the Berachain BEX decentralized exchange.
Berachain's response was the most dramatic and controversial. Validators coordinated an emergency network halt at approximately 7:48 AM UTC to prevent further drainage of an estimated $12 million in user funds at risk in the Ethena/Honey tripool. Chief Smokey Officer Smokey The Bera acknowledged the contentious nature of the decision: "I'm sure that some won't be happy about this and we recognize that this could be seen as a contentious decision. Berachain doesn't benefit from Ethereum's degree of decentralization, but when user funds are threatened, we act to protect them." The Berachain Foundation executed an emergency hard fork on November 4, successfully recovering $12.8 million by coordinating with a white hat MEV bot operator who had been active on the chain for several months and agreed to pre-sign transactions returning the funds to the Berachain deployer address.
Other protocols responded with defensive measures. Lido proactively withdrew unaffected positions from Balancer to mitigate exposure. BNB Chain confirmed none of its native projects were affected but issued warnings to Balancer-forked projects to "exercise a high level of caution" and consider temporarily suspending operations. Polygon validators censored the hacker's transactions to freeze approximately $232K in stolen assets, while Sonic Chain altered logic for its native "S" token to blacklist the attacker's wallet addresses.
Eleven comprehensive audits failed to detect the vulnerability
The exploit's success despite extensive security reviews highlights critical gaps in current audit methodologies. Balancer V2 underwent 11 comprehensive audits by leading security firms between 2021 and 2023, with the vault contract specifically audited three separate times by different firms. The audit history included multiple reviews by OpenZeppelin, Trail of Bits (most recent stable pool audit in September 2022), Certora's formal verification efforts, and ABDK's mathematical analysis. Additionally, Balancer maintained active bug bounty programs throughout this period.
Blockchain researcher Suhail Kakar captured industry frustration: "Balancer went through 10+ audits. The vault was audited 3 separate times by different firms. Still got hacked for $110M. This space needs to accept that 'audited by X' means almost nothing. Code is hard, DeFi is harder." Trail of Bits declined to comment "until the root cause is identified and all Balancer forks are safe," while OpenZeppelin did not respond to requests for comment.
Security experts identified several reasons why the audits missed the vulnerability. Traditional audits assess code correctness at a single point in time and miss economic exploitation built from repeated micro-operations whose effects compound over thousands of swaps. The composable interactions between multiple contracts created edge cases outside standard audit scopes. Each rounding operation appeared mathematically correct in isolation; the cumulative effect of deliberate boundary targeting was never modeled. Static analysis does not simulate attack scenarios involving batch operations and cross-pool interactions. Most critically, invariant manipulation through precision rounding boundary targeting was not a pattern the audits had modeled, even though a different rounding flaw in V2 Boosted Pools had been exploited in 2023.
Cyvers CEO Deddy Lavid emphasized the need for paradigm shifts: "Static code audits are no longer sufficient. We need continuous, real-time monitoring to flag suspicious flows before funds are drained. The attackers bypassed access control layers to manipulate asset balances directly, marking a critical failure in operational governance rather than core protocol logic."
Market impact cascaded through DeFi with substantial liquidations
The exploit triggered immediate disruption across cryptocurrency markets. Ethereum fell 6-9% on November 3, dropping from approximately $3,900 to roughly $3,580-$3,630, with an intraday low of $3,474, its lowest level in nearly three months. Bitcoin declined 2.8-4%, falling from above $108,000 to roughly $105,000-$105,700 with a brief dip to $103,687. Solana saw the steepest losses among major assets, dropping 9-10% to below $160 in some reports, while BNB fell 6.4%, XRP dropped 5%, and Dogecoin declined approximately 6%.
While the Balancer exploit contributed significantly to negative sentiment, the November 3 market decline was compounded by multiple macroeconomic factors including Federal Reserve Chair Jerome Powell's hawkish commentary discouraging expectations of future rate cuts, the ongoing U.S. government shutdown entering its 35th day, and broader risk-off sentiment across financial markets.
The cascading liquidations were severe. Over the 24-hour period spanning November 3-4, approximately $1.16-1.37 billion in leveraged positions were liquidated across cryptocurrency markets. Long positions bore the brunt with $1.08-1.2 billion liquidated (87-90% of total), compared to $158.78 million in short liquidations. Bitcoin positions accounted for roughly $298 million in liquidations, Ethereum $273 million, Solana $154 million, and XRP $32 million. The single largest liquidation was a $47.87 million BTC-USDT order on OKX. Approximately 334,936 traders were liquidated as thin weekend order books amplified downside moves. The Fear & Greed Index plummeted to 21 (Extreme Fear)—the lowest level in weeks.
Institutional flows reflected the risk-off environment. U.S. spot Bitcoin ETFs experienced $1.15 billion in outflows during the week preceding the exploit, with an additional $191 million in Bitcoin ETF outflows on November 3 alone. Ethereum ETFs saw $98 million in daily outflows. BlackRock's Bitcoin ETF recorded less than 600 BTC in weekly inflows compared to 10,000+ BTC in previous weeks.
Balancer's infrastructure sustained catastrophic TVL decline
The direct impact on Balancer was devastating. The protocol's Total Value Locked fell from roughly $770 million (other sources cite $678-750 million) immediately before the exploit to somewhere between $214 million and $422 million in the following hours. The most commonly cited figures put the decline at 46-51.5%, with the spread reflecting different data providers and snapshot times, as roughly $400 million in panicked withdrawals left the protocol. One notable whale wallet that had been dormant for over three years suddenly activated and withdrew $6.5 million during the ongoing attack, flagged by Lookonchain as evidence of sophisticated users rapidly de-risking.
Balancer's native BAL token experienced sharp declines of 5-11% depending on the reporting source, trading between $0.82-$0.98 during the incident compared to previous levels above $0.98. The token, which ranked #427 on CoinMarketCap at the time with a market capitalization of approximately $51-66 million, demonstrated bearish technical indicators including trading below both 50-week and 200-week moving averages.
The broader 2025 DeFi security landscape provides sobering context. By mid-year 2025, cryptocurrency hacks and exploits had already surpassed $2.2 billion, exceeding all of 2024's losses. The Balancer exploit ranked as the third-largest DeFi hack of 2025, behind the $1.4-1.5 billion Bybit exchange hack in February (attributed to North Korean actors) and the $225 million Cetus Protocol exploit on Sui in May (of which $162 million was ultimately recovered). October 2025 had been the quietest month of the year with only $18 million in losses; Balancer's incident on November 3 alone pushed November's tally past $120 million, already making it the third-worst month of 2025.
Incident response revealed both coordination strengths and communication gaps
Balancer's official response began approximately two hours after the exploit started. The team's first acknowledgment on X (Twitter) stated: "We're aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating with high priority. We'll share verified updates and next steps as soon as we have more information." Later that day, a more detailed statement specified: "Today, around 7:48 AM UTC, an exploit affected Balancer V2 Composable Stable Pools. Our team is working with leading security researchers to understand the issue and will share additional findings and a full post-mortem as soon as possible. Because these pools have been live onchain for several years, many were outside the pause window. Any pools that could be paused have been paused and are now in recovery mode. This issue is isolated to V2 Composable Stable Pools and does not impact Balancer V3 or other Balancer pools."
Emergency security responses included immediately pausing all V2 Composable Stable Pools within the protocol's pause window and transitioning affected pools to recovery mode. However, Balancer acknowledged a critical limitation: many affected pools had been live on-chain for several years and were outside the pause window, preventing immediate intervention. The team urged users to revoke all Balancer-related token approvals via services like Revoke.cash or DeBank and warned about phishing campaigns impersonating the security team: "Fraudulent messages claiming to be from the Balancer Security Team are circulating. These are not from us. Do not interact with unsolicited communications or click unknown links."
Balancer sent an on-chain message to the attacker offering a 20% white hat bounty (approximately $25.6 million) if full funds were returned minus the reward within 48 hours by Wednesday, November 5. The message included an implicit threat: "Our partners have a high degree of confidence you will be identified from access-log metadata collected by our infrastructure, indicating connections from a defined set of IP addresses/ASNs and associated ingress timestamps that correlate with the transaction activity on chain." The deadline passed with no response from the attacker, and Balancer confirmed coordination with law enforcement, legal advisors, and cybersecurity experts for ongoing investigation.
Simão Pinto, DeFi Lead at Balancer, expressed the team's response: "It's a sad day for the industry and for everyone who's worked tirelessly to build secure and transparent systems. We deeply appreciate the support from our partners, users, and the broader DeFi community as we work through this together."
Partial fund recovery demonstrated smart contract intervention capabilities
The most successful recovery effort came from StakeWise DAO, which executed emergency multisig actions on November 4 to recover $21 million in stolen assets—73.5% of the osETH taken and 100% of osGNO. The StakeWise DAO wallet held controller privileges for osETH and osGNO smart contracts, allowing them to temporarily grant controller powers, burn tokens in the hacker's wallet, mint equivalent amounts in DAO wallets, and then revoke controller privileges. This recovered 5,041 osETH ($19.3 million) and 13,495 osGNO ($1.7 million). StakeWise announced pro-rata compensation to affected users based on pre-exploit balances. However, the remaining 26.5% of stolen osETH (~$7 million) had been converted to ETH too quickly for recovery, and over 50% of total stolen assets were already swapped to ETH by the attacker.
The StakeWise recovery, while successful in monetary terms, exposed a paradox in "decentralized" protocol design—the ability to burn and mint tokens from any wallet revealed centralized control mechanisms that many users assumed didn't exist. This sparked debate about acceptable tradeoffs between security and true decentralization.
Industry coordination involved collaboration between Balancer, Gnosis contributors, the SEALs security collective, and Safe's smart contract wallet infrastructure. Richard Meissner, co-founder of Safe, assisted in recovery operations, highlighting what he termed "the importance of open-source collaboration in the blockchain ecosystem."
Total recovery across all efforts reached approximately $33.8 million (26% of the $128.6 million stolen), with the attacker retaining control of roughly $94.8 million. The attacker remained active on Ethereum, systematically converting stolen liquid staking tokens to ETH and routing funds through Tornado Cash for laundering. Security firm Cyvers confirmed the use of Tornado Cash for obfuscation, tracking the consolidation of assets across multiple newly created wallets.
Attribution theories point to sophisticated state-level actors
While no official attribution has been confirmed by law enforcement or blockchain forensics firms, several circumstantial factors have led security researchers to compare this attack to known North Korean advanced persistent threat (APT) operations, particularly the Lazarus Group umbrella organization. The funding methodology—pre-positioning 100 ETH in Tornado Cash and deploying it through small 0.1 ETH increments—matches patterns observed in confirmed North Korean cryptocurrency thefts. Conor Grogan's analysis that the attacker likely possessed funds from previous exploits suggests connections to broader cybercriminal operations rather than an isolated actor.
North Korean cryptocurrency theft has reached unprecedented scale in 2025. Multi-government reports documented that DPRK-linked actors stole $1.65 billion between January and September 2025 alone, bringing the total since 2021 to over $5 billion. The largest 2025 operation was the $1.4-1.5 billion Bybit exchange hack in February, which exhibited similarly careful preparation and execution. North Korean groups under the Lazarus umbrella, including the financially motivated cluster tracked under the overlapping APT38 and BlueNoroff designations (known for attacks on SWIFT-connected banks and on cryptocurrency businesses) and Andariel (focused on South Korea), have developed expertise in cryptocurrency theft to fund ballistic missile and nuclear weapons programs under international sanctions.
The sophistication markers evident in the Balancer attack align with known North Korean operational characteristics: months of apparent preparation, zero operational security leaks indicating professional discipline, deep technical understanding of target systems requiring extensive reconnaissance, multi-chain coordination capability, and systematic laundering through Tornado Cash and other mixing services. However, security experts caution that these similarities do not constitute definitive proof. The attacker could be a sophisticated independent actor, organized cybercrime group, or someone with insider knowledge of Balancer's codebase deliberately mimicking North Korean tactics to misdirect attribution.
Blockchain forensics specialists from PeckShield, Cyvers, Nansen, and Chainalysis continue monitoring wallet addresses and fund flows, with law enforcement engaged for investigation. Recovery prospects remain low unless centralized exchanges can identify and freeze deposits, which appears unlikely given the professional laundering operations already underway.
Historical context reveals pattern of escalating breach severity
This marks Balancer's third major security breach, revealing an alarming pattern of increasing exploit severity despite iterative security improvements. In June 2020, Balancer suffered its first significant attack when exploiters drained $500,000 by repeatedly calling swapExactAmountIn on pools containing deflationary tokens (STA/STONK), exploiting Balancer's failure to correctly account for balances after each transfer. In August 2023, attackers exploited a precision rounding vulnerability in V2 Boosted Pools for $2.1 million in flash loan attacks, five days after Balancer had disclosed the vulnerability and warned users to withdraw, demonstrating that even with advance notice, complex technical migrations struggle to complete before exploitation. September 2023 saw a DNS hijack of Balancer's frontend through its registrar EuroDNS, with $238,000 lost as users were redirected to a phishing site that deployed Angel Drainer malicious contracts.
The November 2025 exploit at $128 million is roughly sixty times the previous largest direct breach, making it not only Balancer's worst incident but one of the most significant DeFi hacks of 2025. Cumulative losses across Balancer's breach history now exceed $143 million, with every incident except the 2020 attack occurring between 2023 and 2025.
Comparison to similar DeFi exploits reveals common attack vectors. Curve Finance suffered a $70 million reentrancy vulnerability in July 2023 due to a Vyper compiler bug—similar in scale and technical sophistication to Balancer V2. Euler Finance lost $197 million in March 2023 to flash loan attacks, which indirectly affected Balancer for $11.9 million when Balancer's bb-e-USD pool held Euler's eTokens. Access control vulnerabilities across all DeFi protocols in 2024 accounted for $953.2 million in losses, highlighting this as a persistent and inadequately addressed attack surface.
Security implications demand fundamental paradigm shifts
The exploit exposes critical inadequacies in current DeFi security practices that extend far beyond a single protocol. Despite 11 audits between 2021 and 2023, including three separate vault audits by different top-tier firms, the vulnerability remained undetected in production code. This represents a fundamental failure of the static audit model that dominates current practice: auditors review code correctness at a point in time but cannot predict how sophisticated actors will compose multiple individually correct operations into exploitative patterns through economic logic manipulation.
Hasu, strategic advisor to Lido and Flashbots, articulated the broader impact: "Balancer v2 went live in 2021 and has since become one of the most closely watched and frequently forked smart contracts. This is very concerning. Every time a contract that has been live for so long gets hacked, it sets DeFi adoption back by 6 to 12 months." The comment reflects institutional hesitation around DeFi adoption when even extensively audited, battle-tested protocols prove vulnerable.
The composability paradox lies at the heart of DeFi's systemic risk. The modular design enabling rapid innovation through protocol composition also creates vulnerabilities that cascade across entire ecosystems. A single flaw in Balancer V2's widely-forked codebase exposed 27+ protocols with $78 million combined TVL. The centralized vault architecture introduced in Balancer V2—where all tokens from every pool are held in a single contract rather than separate pool contracts—created a single point of failure that amplified attack impact, allowing one vulnerability to drain multiple pools simultaneously.
Security experts recommend fundamental shifts toward continuous real-time monitoring rather than periodic static audits, formal verification specifically for economic logic and invariant properties rather than just code correctness, adversarial testing that simulates sophisticated attack scenarios with thousands of micro-transactions, composability-focused audits examining protocol interactions rather than isolated contracts, and enhanced bug bounty programs with specialized rewards for economic logic vulnerabilities and composable exploit scenarios.
For blockchain security professionals, the technical lessons are concrete. Access control checks need continuous review and should never derive the authorized party from caller-supplied input; internal balance operations should be separated from user-controlled parameters, with multi-signature requirements for large internal transfers. Rounding needs stricter bounds checking on accumulated error, rounding in the direction that favours the pool, invariant validation after batch operations, and higher-precision arithmetic for critical calculations. Economic safeguards must include price manipulation detection, rate limiting of repeated micro-transactions, and anomaly detection for unusual swap patterns. Circuit breakers should trigger automatically on suspicious transaction patterns, particularly in cross-pool interactions.
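As an added example of the anomaly detection and rate-limiting point, and not code from Balancer or from any monitoring vendor, the following rule flags a transaction that first drives a pool token to a near-empty balance and then performs repeated wei-scale swaps through that token, which is the shape of the sequence described earlier in this article. The Swap record layout, the field names, the thresholds and the sample events are all constructed for the example.

```python
"""
Added example (not Balancer or vendor code): a monitoring rule for the
"pin a balance to a rounding boundary, then micro-swap against it" pattern,
run over constructed swap records. Layout and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

# Thresholds are assumptions for the example; tune them to the pool's token scale.
DUST_WEI = 1_000            # a swap leg at or below this is "wei-scale"
EMPTY_BALANCE_WEI = 100     # a pool balance this low sits at a rounding boundary
MIN_MICRO_SWAPS = 3         # micro swaps against a pinned token needed to alert


@dataclass(frozen=True)
class Swap:
    """One swap leg as a monitor would decode it from Vault swap events (assumed layout)."""
    tx: str
    pool: str
    token_in: str
    token_out: str
    amount_in: int
    amount_out: int
    balance_in_after: int    # pool balance of token_in after this leg
    balance_out_after: int   # pool balance of token_out after this leg


def boundary_alerts(swaps):
    """Flag transactions that pin a pool token near zero and then repeatedly
    swap wei-scale amounts through that token.

    Either condition alone is common (dust swaps happen; tiny balances happen);
    the combination inside one transaction is what the rule keys on."""
    by_tx = defaultdict(list)
    for s in swaps:
        by_tx[s.tx].append(s)

    alerts = []
    for tx, legs in by_tx.items():
        pinned = set()          # (pool, token) pairs driven to a near-empty balance
        micro = 0
        for leg in legs:        # legs are in execution order
            if leg.balance_out_after <= EMPTY_BALANCE_WEI:
                pinned.add((leg.pool, leg.token_out))
            touches_pinned = ((leg.pool, leg.token_in) in pinned
                              or (leg.pool, leg.token_out) in pinned)
            if touches_pinned and min(leg.amount_in, leg.amount_out) <= DUST_WEI:
                micro += 1
        if micro >= MIN_MICRO_SWAPS:
            alerts.append({"tx": tx, "pinned": sorted(pinned), "micro_swaps": micro})
    return alerts


# Constructed sample events (not real chain data); amounts are illustrative only.
SAMPLE_SWAPS = [
    # attacker-shaped tx: drain cbETH to 9 wei, four 8-wei swaps, then buy BPT
    Swap("0xattack", "poolA", "BPT",    "cbETH",  5 * 10**18, 10**20,     10**22,     9),
    Swap("0xattack", "poolA", "cbETH",  "wstETH", 8,          7,          17,         10**21),
    Swap("0xattack", "poolA", "wstETH", "cbETH",  7,          8,          10**21,     9),
    Swap("0xattack", "poolA", "cbETH",  "wstETH", 8,          7,          17,         10**21),
    Swap("0xattack", "poolA", "wstETH", "cbETH",  7,          8,          10**21,     9),
    Swap("0xattack", "poolA", "wstETH", "BPT",    10**21,     2 * 10**21, 2 * 10**21, 10**22),
    # benign: an ordinary swap, and a dust swap in a pool with healthy balances
    Swap("0xuser1",  "poolA", "wstETH", "cbETH",  10**18,     10**18,     10**21,     10**21),
    Swap("0xuser2",  "poolB", "USDC",   "DAI",    5,          4,          10**12,     10**21),
]


if __name__ == "__main__":
    for alert in boundary_alerts(SAMPLE_SWAPS):
        print(alert)
```

Grouping by transaction catches a batchSwap, whose legs share one transaction; a live monitor would also correlate by sender across consecutive transactions and blocks, since nothing forces an attacker to keep the sequence in a single call. A rule like this is a tripwire for the pattern, not a substitute for fixing the rounding direction in the pool math.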
Balancer confirmed that affected users are "eligible for compensation" with specific details pending the full post-mortem report. V3 pools remain unaffected and represent the migration path forward, though the exploit raises questions about whether architectural changes in V3 adequately address the vulnerabilities that plagued V2. The protocol's reputation has sustained severe damage, with TVL unlikely to recover to pre-exploit levels without extraordinary security improvements and transparent incident resolution.
The November 3, 2025 Balancer V2 exploit stands as a defining moment for DeFi security, demonstrating that the industry's current security posture—extensive auditing, bug bounties, and iterative improvements—remains insufficient against sophisticated adversaries exploiting economic logic vulnerabilities in complex, composable systems. Until DeFi adopts continuous monitoring, economic logic verification, and real-time anomaly detection as standard practice, similar exploits exploiting subtle mathematical properties across thousands of transactions will continue to erode confidence in decentralized financial infrastructure.
Conclusion
The sophistication, scale, and systemic impact of this exploit demand that security professionals recognize audits as necessary but not sufficient. The path forward requires investment in real-time monitoring infrastructure, development of automated economic logic verification tools, industry-wide standards for composability risk assessment, enhanced coordination mechanisms for rapid incident response across interconnected protocols, and honest acknowledgment that complex DeFi systems may contain exploitable emergent properties that cannot be fully eliminated through current practices. The question facing the industry is whether these lessons will drive the necessary paradigm shifts before the next major breach sets DeFi adoption back another 6-12 months.
Secure Your Web3 Project with BlockSecOps
BlockSecOps is a comprehensive DevSecOps platform built specifically for Web3 development. We help you integrate security throughout your development lifecycle—from smart contract auditing and vulnerability scanning to automated testing and continuous monitoring. Build with confidence knowing your blockchain applications are protected at every stage.
Learn more about BlockSecOps