Balancer Protocol Suffers $128 Million DeFi Exploit as Berachain Halts Operations

The decentralized finance sector faces another major security crisis. Balancer protocol suffered an exploit with an estimated $128.6 million in assets drained from its vaults, according to blockchain security firm Peckshield. The attack targeted multiple blockchain networks and prompted emergency responses across affected platforms.

Understanding the Balancer Protocol Exploit Attack Vector

According to security tool Decurity, the attack occurred due to a faulty access control in Balancer’s “manageUserBalance” function. The vulnerability stemmed from validateUserBalanceOp, which checks msg.sender against a user-supplied op.sender, allowing unauthorized withdrawals through the UserBalanceOpKind.WITHDRAW_INTERNAL operation. This critical flaw enabled attackers to drain funds systematically across different chains.
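The class of check this description concerns, modelled in Python as an added example (not Balancer's contract code and not taken from the Decurity report): the account to be debited is a field the submitter fills in, so authorization has to be bound to the authenticated caller or to a relayer that account approved. `VaultModel`, `UserBalanceOp` and the account names are hypothetical, and `caller` stands in for `msg.sender`.

```python
from dataclasses import dataclass, field

WITHDRAW_INTERNAL = "WITHDRAW_INTERNAL"  # the only op kind modelled here

class Unauthorized(Exception):
    """Caller may not act on the account named in the op."""

@dataclass(frozen=True)
class UserBalanceOp:
    kind: str
    sender: str      # account to debit: a field the submitter fills in
    recipient: str   # where the withdrawn amount is paid out
    amount: int

@dataclass
class VaultModel:
    internal: dict = field(default_factory=dict)  # account -> internal balance
    relayers: dict = field(default_factory=dict)  # account -> approved relayers

    def approve_relayer(self, caller: str, relayer: str) -> None:
        # Approval is stored under the authenticated caller, never an argument.
        self.relayers.setdefault(caller, set()).add(relayer)

    def _authorize(self, caller: str, op: UserBalanceOp) -> None:
        # `caller` plays the role of msg.sender: the only identity the
        # execution environment vouches for. op.sender is untrusted input.
        if caller == op.sender:
            return
        if caller in self.relayers.get(op.sender, set()):
            return
        raise Unauthorized(f"{caller} may not debit {op.sender}")

    def manage_user_balance(self, caller: str, ops: list) -> dict:
        staged = dict(self.internal)  # commit only if every op passes
        payouts = {}
        for op in ops:
            if op.kind != WITHDRAW_INTERNAL or op.amount <= 0:
                raise ValueError("unsupported or malformed op")
            self._authorize(caller, op)
            if staged.get(op.sender, 0) < op.amount:
                raise ValueError("insufficient internal balance")
            staged[op.sender] -= op.amount
            payouts[op.recipient] = payouts.get(op.recipient, 0) + op.amount
        self.internal = staged
        return payouts
```

Because balances are staged and committed only at the end, one unauthorized op in a batch leaves every account untouched.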

The outflows included about 6,587 WETH worth $24.5 million, 6,851 osETH valued at $26.9 million, and 4,260 wstETH worth approximately $19.3 million. Security researchers identified the exploit as attackers moved these substantial amounts from Balancer’s main vault address to external wallets. Further analysis shows that various vaults were also impacted and drained across Sonic, Polygon, and Base.

Balancer DeFi Protocol Faces Third Major Security Breach

This marks the third known security breach for the project, following incidents in 2021 and 2023 that collectively cost millions. The current exploit dwarfs previous attacks in both sophistication and financial impact. Balancer confirmed the issue, writing on X that it is “aware of a potential exploit impacting Balancer v2 pools”. The team assembled engineering and security units to investigate with high priority.

Balancer’s BAL token has fallen more than 5% from its Monday peak, according to CoinGecko data. The market’s reaction highlights growing concerns over DeFi security vulnerabilities. A whale wallet that had been inactive for over three years suddenly withdrew its entire $6.5 million balance from the platform, signaling panic among large holders.

The exploit raises questions about smart contract security audits and access controls. The vault is Balancer’s core smart contract, where all tokens from every Balancer pool are held. Attackers successfully exploited the centralized design’s single point of failure, which, while efficient for operations, made the system vulnerable.

Berachain Network Emergency Hard Fork Response

Berachain validators coordinated an emergency network halt after exposure to a vulnerability tied to the Balancer V2 exploit. The Berachain Foundation said the validators purposefully halted the network as the core team performs an emergency hard fork to address Balancer V2-related exploits on the BEX. This decisive action aimed to protect user funds and prevent further losses.

Berachain co-founder Smokey The Bera said validators took coordinated action after discovering that roughly $12 million in user funds were at risk. The response sparked debate within the crypto community about centralization versus user protection. On-chain investigator ZachXBT praised the action, supporting the tough decision and commending putting users first.

The pause enables developers to roll out an emergency hard fork to isolate compromised contracts and recover affected assets before resuming operations. Because the stolen funds involved multiple non-native assets and not just Berachain’s own token BERA, fixing it requires more than rolling back a few blocks. The technical complexity of the recovery operation demonstrates the interconnected risks in DeFi ecosystems.

Broader DeFi Security Implications

The Balancer protocol exploit highlights persistent vulnerabilities in decentralized finance infrastructure. The multi-chain attack targeted Balancer V2 pools across Ethereum, Base, Polygon, Arbitrum, Optimism, and Sonic. This coordinated assault demonstrates how protocol vulnerabilities can cascade across multiple blockchain networks simultaneously.

The incident stands out as Balancer’s biggest hack yet and one of the largest DeFi exploits of 2025. Security experts continue analyzing the exploit’s technical details to prevent similar attacks. Over $60 million is locked in services built on Balancer V2, exposing the funds to potential risk if the protocols have not implemented additional security measures.

The attack underscores the importance of rigorous security audits and real-time monitoring systems. DeFi protocols must implement multiple layers of defense to protect user funds. Smart contract vulnerabilities remain a critical challenge as the sector seeks mainstream adoption.

Conclusion

The Balancer protocol exploit represents a significant setback for DeFi security. The $128 million loss and Berachain’s emergency network halt demonstrate the high stakes involved in decentralized finance. Moving forward, protocols must prioritize comprehensive security measures and rapid response capabilities to protect user assets.
