Balancer’s $128 Million Exchange Breach Exposed – Bits Media
Cybersecurity specialists from PeckShield and Nansen revealed that the recent breach on the Balancer platform was facilitated by a weakness in smart contracts that enabled the intruder to circumvent access controls to liquidity pools.
Malicious software capitalizing on vulnerabilities for unapproved entry impacted Balancer version 2 (V2) liquidity pools across various blockchains, including Ethereum, Arbitrum, Base, Optimism, among others. V3 pools remained secure during the incident, which exploited the flaw to bypass protection protocols and execute withdrawal commands.
The perpetrator succeeded in pilfering substantial quantities of tokens, notably WETH (Wrapped Ether), osETH, wstETH, frxETH, rsETH, and rETH. The exchange’s personnel validated the compromise and guaranteed they are investigating, promising to share complete details about the circumstance.
In an effort to retrieve the assets, the Balancer group presented the hacker with a bounty of up to 20% of the stolen currency if the complete sum, less the incentive, was returned within a day. Should the assets not be given back in 48 hours, Balancer will forward a request to judicial authorities and blockchain investigative professionals to determine the offender’s identity.
A number of ventures utilizing Balancer blockchain protocol improvements, such as Berachain and Beets Finance, have taken swift actions to defend themselves. Berachain has briefly put its network on hold for a hard fork to isolate compromised contracts and endeavor to recover roughly $12 million in user assets. Users and protocols are being urged to invalidate token authorizations granted to Balancer smart contracts and abstain from engaging with the compromised pools.
This is not Balancer’s initial security occurrence. The decentralized protocol has previously encountered breaches, including an almost $900,000 exploit in August 2023 and a website fraud attack in September 2025.
Previously, specialists at BlockSec Phalcon reported that the decentralized finance protocol Abracadabra forfeited roughly $1.8 million worth of Magic Internet Money (MIM) tokens due to a cyberattack. The attacker took advantage of a weakness in a smart contract to extract the assets.
Источник: bits.media
