DeFi Protocol Balancer Hacked For $100M And Forked Projects Affected

TLDR

• Over $100M drained from Balancer via V2 contract exploit on November 3, 2025.
• Three Ethereum wallets linked to the attacker hold $117M in stolen assets.
• Forked projects Beets.fi and Berachain were affected due to code reuse.
• BAL token dropped 5% after news of the $100M exploit was made public.

Over $100 million has been stolen from Balancer, one of the top decentralized finance (DeFi) liquidity protocols, in a major security breach. The attack has also affected several forked projects that share the same open-source code. Early estimates show that three Ethereum wallets linked to the exploit currently hold over $117 million in digital assets, according to security firm HashDit.

Hack Discovered on November 3, 2025

The breach was reported at 09:18 UTC on November 3, 2025. HashDit’s monitoring tools quickly flagged unusual activity across multiple Ethereum wallets. The attack mainly targeted Balancer’s V2 smart contracts, which manage various liquidity pools involving staked ETH tokens.

Blockchain data shows that the attacker used a smart contract logic flaw to manipulate pool balances. The main wallet (0xaa76…8e3f) holds around $100 million in digital assets, with 63.98% in WETH, 26.92% in osETH, and 9% in wstETH. Two other wallets linked to the exploit were found with $13.5 million and $3.7 million, respectively.

The hack is the largest in Balancer’s history and ranks among the biggest DeFi exploits reported in 2025 so far.

Forked Projects Beets.fi and Berachain Also Targeted

The attack did not stop with Balancer. Forked projects such as Beets.fi (Beethoven X) and Berachain were also affected due to their shared codebase. HashDit alerted several teams shortly after the breach was discovered.

Beets.fi confirmed via Discord that its liquidity pools are under internal review. Berachain paused its liquidity mining operations as a precaution. While no attacks were reported on the BNB Chain, developers using Balancer’s code were urged to conduct emergency audits to ensure security.

Forked protocols are often built on the same code, which can lead to similar vulnerabilities if not properly tested or updated. The teams behind the affected projects have yet to share full details of the security checks or any possible losses.

Breakdown of Stolen Assets and Vulnerability

According to blockchain analysis, the attacker drained three types of assets: WETH, osETH, and wstETH. These are commonly used in Balancer’s V2 liquidity pools. The exploit worked by abusing how pool balances were calculated in smart contracts.

The second wallet (0x827…80f4) contains $13.5 million in ETH, osETH, and wstETH. The third (0x0453…941c) holds about $3.7 million, mostly in an unidentified token that analysts believe could be a stablecoin.

Security researchers noted that Balancer’s V2 contracts were at the core of the vulnerability. They also warned that open-source DeFi projects face increased risk if code updates are not done regularly.

This incident comes after earlier issues faced by Balancer. In 2020, it lost $500,000 to a deflationary token exploit. In 2023, it suffered another breach worth $900,000 due to a similar pool vulnerability.

Market Reaction and Ongoing Monitoring

Following the public disclosure, Balancer’s token (BAL) dropped around 5% within hours. The broader DeFi market did not show major movement, but security teams across protocols started urgent reviews of their smart contract code.

As of the latest update, no official statement has been released by Balancer. Analysts are still tracking the wallets linked to the attack. Some believe centralized exchanges may be able to freeze funds if the attacker tries to cash out.

HashDit and other blockchain security firms continue to monitor on-chain activity. So far, the attacker has not moved the stolen funds to mixers or exchanges. The next few days will likely determine whether the assets can be recovered or blocked.

The post DeFi Protocol Balancer Hacked For $100M And Forked Projects Affected appeared first on CoinCentral.