The affected funds include 6,850 osETH, 6,590 WETH, and 4,260 wstETH, blockchain data analyzed by CoinDesk showed.
Updated Nov 3, 2025, 9:26 a.m. Published Nov 3, 2025, 8:17 a.m.
Balancer, a decentralized finance (DeFi) protocol with over $750 million in value locked, appears to have been hit by its biggest exploit yet, with on-chain data showing upward of $110 million in digital assets drained to a new wallet.
The affected funds include 6,850 osETH, 6,590 WETH, and 4,260 wstETH, blockchain data analyzed by CoinDesk showed, and seemed to impact vaults on Balancer version 2 (V2).
Further analysis shows various vaults were also impacted and drained across Sonic, Polygon and Base.
How the attack took place
The attack occurred due to faulty access control in its “manageUserBalance” function, according to security tool Decurity.
The vulnerability stemmed from validateUserBalanceOp, which checks msg.sender against a user-supplied op.sender, a logic flaw that allows unauthorised withdrawals through the UserBalanceOpKind.WITHDRAW_INTERNAL operation.
In effect, this means attackers could trigger internal balance withdrawals from Balancer’s smart contracts without proper permissions.
The exploiter’s address has already begun consolidating assets, raising concerns about potential laundering through decentralized mixers or cross-chain bridges.
Balancer’s BAL token has slumped over 5% since its Monday peak, CoinGecko data shows.
The team has not yet issued an official statement, although this marks the third known security breach for the project, following incidents in 2021 and 2023 that collectively cost millions.
The vault is Balancer’s core smart contract, where all tokens from every Balancer pool are actually held. Instead of each pool managing its own funds, everything routes through this single contract.
The design, first introduced in Balancer v2, separates token accounting from pool logic (how swaps, liquidity adds, and withdrawals work). This makes pools smaller, simpler, and safer to build, and anyone can plug in a new pool design without creating a whole new DEX.
That design also appears to be affecting services built on top of Balancer, as the fork project Beets Finance confirmed it was also impacted, resulting in over $3 million in losses.
There is more than $60 million locked on services built atop Balancer V2, DefiLlama shows, leaving those funds at risk of being drained if the protocols have not installed additional security measures to mitigate risks in case the mother contract gets exploited.
UPDATE (Nov. 3, 9:17 am UTC): Updates headline and story throughout to add new exploit value and more context on how the attack happened.