Written by: 1912212.eth, Foresight News
On the afternoon of November 3, the long-established DeFi protocol Balancer suffered a major exploit. The attacker manipulated the protocol's core smart contracts and, within a few hours, drained more than $110 million worth of crypto assets from multiple liquidity pools, moving them out of Balancer's Vault and into a wallet under the attacker's control. Following the attack, BAL fell to around $0.9, down 8.64% over 24 hours.

According to DeBank data, the stolen funds comprised $99.85 million on Ethereum, $7.95 million on Arbitrum, $3.94 million on Base, $3.4 million on Sonic, and $1.56 million on OP Mainnet.
As of 5:41 PM, SlowMist's investigation put the total stolen at $128.64 million, which includes a further $12.86 million on Berachain.

Berachain's team stated that it has suspended HONEY minting and the BEX pool and Vault functions. Its validators coordinated to halt the Berachain network so that the core team can execute an emergency hard fork addressing the Balancer V2 vulnerability as it affects BEX.
The theft also prompted the whale 0x0090, dormant for three years, to move quickly and withdraw its funds from Balancer.

The incident not only exposed what early analysis described as access control weaknesses in the Balancer V2 architecture, but also hit multiple networks, including Ethereum mainnet, Base, Polygon, and Sonic, driving total losses up rapidly.
At the time of writing, the attack was still ongoing.
Balancer was founded in 2020 and is developed by Balancer Labs. It is an automated market maker (AMM) protocol that lets users create custom liquidity pools with adjustable weightings across multiple assets. Unlike simpler AMMs such as Uniswap, Balancer's design emphasizes flexibility and capital efficiency, particularly since V2 introduced "Boosted Pools" and a single Vault contract that holds the assets of every pool, with the aim of improving yields and reducing slippage. During the last DeFi boom, Balancer's TVL peaked at $3.239 billion.

Today the protocol's TVL stands at only $678.44 million.
Initial analysis circulating at the time of writing attributed the attack to an access control failure in the Vault contract: using flash loans, the attacker was able to forge the permissions needed to pull assets out of a boosted pool. Specifically, the attacker manipulated rate providers to get past authorization checks and moved funds directly from the Vault to the external address 0xAa760D53541d8390074c61DEFeaba314675b8e3f. The on-chain transaction 0xd155207261712c35fa3d472ed1e51bfcd816e616dd4f517fa5959836f5b48569 shows multiple transfers completed within minutes, involving ETH derivatives such as WETH, osETH, wstETH, frxETH, rsETH, and rETH. The pattern resembles earlier DeFi incidents such as the 2022 Nomad Bridge exploit, where a broken verification check let anyone withdraw; here, Balancer's multi-chain deployment magnified the damage, because the same vulnerable contracts were live on every chain and the losses followed. Balancer itself had not yet confirmed a root cause at the time of writing, so this account should be read as preliminary.
This attack also has to be read against Balancer's history of security incidents. It is not the first time the protocol has been hit:
- In June 2020, Balancer lost about $500,000 to a smart contract vulnerability;
- In September 2023, it lost roughly $270,000 after a DNS hijacking attack on its front end;
- Most recently, in October 2025, a smaller-scale issue involving manipulation of rate providers was reported.
These incidents point to recurring weaknesses in the protocol's access controls and in its external dependencies (rate providers, DNS). V2 went live in 2021 and has run for nearly five years, through multiple audits, fuzz testing, and formal verification, yet those measures still did not close every hole; audits reduce risk, they do not prove a contract safe.
Hasu, Strategic Director of Flashbots and Strategic Advisor to Lido, stated, "Balancer V2 launched in 2021 and has since become one of the most scrutinized and frequently forked smart contracts. This is very concerning. Whenever a contract that has been live for such a long time is attacked, it understandably sets back the adoption process of DeFi by 6 to 12 months."
Balancer's team has issued a statement saying that V2 pools may be affected by a vulnerability and that its engineers and security partners are investigating the incident.

Foresight News advises users to withdraw funds immediately, revoke token approvals granted to the affected contracts (for example via Revoke.cash), and avoid any suspicious links, since phishing campaigns routinely follow incidents of this kind.
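To make the "revoke approvals" advice concrete at the protocol level, the following is an added example (not from the Foresight News article, and not Balancer's or Revoke.cash's own code) in Python. It hand-builds the ABI-encoded calldata for `allowance(owner, spender)` and `approve(spender, 0)`, so it runs offline and produces JSON-RPC payloads you can send with any client or wallet. Assumptions: the Balancer V2 Vault address below is the canonical one used on every chain (verify it against Balancer's official documentation before use); the WETH address and owner in the sample are constructed inputs for illustration.

```python
"""Audit and revoke ERC-20 approvals granted to the Balancer V2 Vault.

Added example, not part of the article. It builds raw JSON-RPC payloads with
hand-rolled ABI encoding so it runs offline; send the dicts it returns with
any JSON-RPC client (or your wallet) to actually query / revoke.
"""
from typing import Any, Dict

# Balancer V2 Vault. Assumption to verify against Balancer's official docs:
# the V2 Vault is deployed at this same address on every supported chain.
BALANCER_V2_VAULT = "0xBA12222222228d8Ba445958a75a0704d566BF2C8"

# 4-byte selectors: first 4 bytes of keccak256 of the canonical signature.
SEL_ALLOWANCE = "dd62ed3e"  # allowance(address,address)
SEL_APPROVE = "095ea7b3"    # approve(address,uint256)

MAX_UINT256 = 2**256 - 1


def _addr_word(addr: str) -> str:
    """Left-pad a 20-byte hex address to a 32-byte ABI word (hex, no 0x)."""
    a = addr.lower().removeprefix("0x")
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr}")
    return a.rjust(64, "0")


def _uint_word(value: int) -> str:
    """Encode an unsigned integer as a 32-byte ABI word (hex, no 0x)."""
    if not 0 <= value <= MAX_UINT256:
        raise ValueError("value out of uint256 range")
    return f"{value:064x}"


def allowance_call(token: str, owner: str, spender: str = BALANCER_V2_VAULT) -> Dict[str, Any]:
    """JSON-RPC eth_call payload for token.allowance(owner, spender)."""
    data = "0x" + SEL_ALLOWANCE + _addr_word(owner) + _addr_word(spender)
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}


def decode_uint256(result_hex: str) -> int:
    """Decode the single 32-byte word returned by allowance()."""
    r = result_hex.removeprefix("0x")
    if len(r) != 64:
        raise ValueError("unexpected eth_call result length (expected one 32-byte word)")
    return int(r, 16)


def classify_allowance(result_hex: str) -> str:
    """Classify an allowance() result as 'none', 'unlimited' (the common
    max-uint approval that never runs out) or 'limited'."""
    value = decode_uint256(result_hex)
    if value == 0:
        return "none"
    if value == MAX_UINT256:
        return "unlimited"
    return "limited"


def revoke_tx(token: str, owner: str, spender: str = BALANCER_V2_VAULT) -> Dict[str, Any]:
    """Unsigned transaction that zeroes the allowance: approve(spender, 0).
    Sign and broadcast it with your wallet; gas fields are left to the wallet."""
    data = "0x" + SEL_APPROVE + _addr_word(spender) + _uint_word(0)
    return {"from": owner, "to": token, "data": data, "value": "0x0"}


if __name__ == "__main__":
    # Constructed sample: WETH on Ethereum mainnet and a placeholder owner.
    WETH = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
    OWNER = "0x1111111111111111111111111111111111111111"
    print("query:", allowance_call(WETH, OWNER))
    # Constructed eth_call result standing in for an unlimited approval.
    sample_result = "0x" + "f" * 64
    if classify_allowance(sample_result) != "none":
        print("approval present, revoke with:", revoke_tx(WETH, OWNER))
```

Run the `allowance_call` payload against an RPC endpoint for each token you have interacted with through Balancer on each chain (the Vault address is the spender on all of them), and broadcast `revoke_tx` wherever the result is not `none`. An `unlimited` result is the case to treat with most urgency, since it never decreases as it is spent.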
Disclaimer: This article represents the personal views of the author only and does not reflect the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes any rights, please send the relevant proof of rights and proof of identity to support@aicoin.com, and the platform's staff will review it.

