Balancer, a decentralized exchange (DEX) and liquidity protocol, suffered a major security breach resulting in losses exceeding $116.6 million in digital assets. The ongoing attack involved the transfer of 6,587 WETH (~$24.46M), 6,851 osETH (~$26.86M), and 4,260 wstETH (~$19.27M) from Balancer’s pools to an attacker-controlled wallet. The exploit remains active, with no immediate mitigation confirmed. While Balancer’s team acknowledged the incident and promised compensation for affected users, the breach underscores persistent vulnerabilities in DeFi infrastructure despite regulatory scrutiny and prior security enhancements. This marks a recurrence, following a smaller $238,000 theft in 2023. The attack’s scale and direct financial impact on users and the protocol’s reputation highlight systemic risks in decentralized finance (DeFi) platforms.
Source: https://beincrypto.com/balancer-exploit-security-breach-defi-losses/
TPRM report: https://www.rankiteo.com/company/balancer-ecosystem
"id": "bal2834528110325",
"linkid": "balancer-ecosystem",
"type": "Cyber Attack",
"date": "6/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Users of Balancer v2 pools '
'(compensation eligible)',
'industry': 'DeFi (Decentralized Finance)',
'name': 'Balancer',
'type': 'Decentralized Exchange (DEX) and Liquidity '
'Protocol'}],
'customer_advisories': 'Affected users eligible for compensation; further '
'updates to be shared as available',
'date_detected': '2025-11-03',
'date_publicly_disclosed': '2025-11-03',
'description': 'Decentralized exchange and liquidity protocol Balancer has '
'reportedly fallen victim to a major security breach, with '
'losses exceeding $110 million in digital assets. On-chain '
'data indicates that the attack remains ongoing. The exploit '
'highlights ongoing vulnerabilities in DeFi infrastructure, '
'despite increasing regulatory scrutiny and enhanced security '
'efforts across the sector. Attackers transferred roughly '
'6,587 WETH (~$24.46M), 6,851 osETH (~$26.86M), and 4,260 '
'wstETH (~$19.27M) from Balancer to a new wallet. Balancer’s '
'team has acknowledged the exploit and stated that affected '
'users will be eligible for compensation.',
'impact': {'brand_reputation_impact': 'High (repeated incidents, including a '
'$238K theft in 2023)',
'financial_loss': '$116.6 million (and ongoing)',
'operational_impact': 'Ongoing exploit; engineering and security '
'teams investigating with high priority',
'systems_affected': ['Balancer v2 pools']},
'initial_access_broker': {'high_value_targets': ['Balancer v2 pools']},
'investigation_status': 'Ongoing (engineering and security teams '
'investigating with high priority)',
'motivation': 'Financial Gain',
'references': [{'date_accessed': '2025-11-03',
'source': 'Lookonchain (via X/Twitter)',
'url': 'https://x.com/Lookonchain'},
{'date_accessed': '2025-11-03',
'source': 'Balancer Official X/Twitter Account',
'url': 'https://x.com/Balancer'}],
'response': {'communication_strategy': 'Public acknowledgment via X '
'(Twitter); updates promised as '
'information becomes available',
'incident_response_plan_activated': True,
'remediation_measures': 'Investigation in progress; compensation '
'for affected users announced'},
'stakeholder_advisories': 'Users advised to verify wallet transactions for '
'unusual activity; compensation eligibility '
'announced',
'title': 'Balancer Exploit Drains Over $110 Million as Attack Continues',
'type': ['Exploit', 'DeFi Attack', 'Cryptocurrency Theft']}