Balancer Hack Estimated at $128M: $20M Recovered, Contagion Hits Multiple Chains

Published: November 7, 2025|Last updated: November 7, 2025

The DeFi market is officially on high alert.

Balancer, one of DeFi’s blue-chip automated market makers, has just published its preliminary incident report confirming a “significant exploit” targeting its V2 Composable Stable Pools.

While the team is still working on a final number, on-chain security firms are reporting the total estimated drain from the exploit at over $128 million.

Loading tweet...
— View original post

A hack and a systemic vulnerability that are already rippling across multiple blockchains, forcing other protocols to take emergency action.

What Happened: The Exploit

According to Balancer’s official statement, the attacker exploited a rounding error in the V2 “upscale” function combined with the batchSwap feature.

By manipulating pool balances, the attacker was able to drain funds across multiple chains, including Ethereum, Base, and Avalanche.

The Good News: Whitehats Are Fighting Back

Despite the scope of the attack, the damage could have been far worse.

A coordinated “war room” of whitehat hackers and security partners stepped in to recover stolen assets in real time.

The StakeWise DAO team successfully recovered ~5,041 osETH (~$19M) and 13,495 osGNO (~$1.7M).
Other groups, like BitFinding, intercepted and returned approximately $600,000 in assets.

It’s one of the most effective live-response recoveries seen in a major DeFi incident.

The Bad News: Contagion Is Confirmed

The Balancer report also confirms that its V2 code had been forked by other protocols, which made them equally vulnerable.

Several projects have now entered crisis mode to contain the damage:

Berachain: Validators halted the entire blockchain to perform an emergency hard fork on its DEX, BEX.
Sonic Labs: Froze attacker addresses on its Balancer V2 fork, Beets, to prevent further loss.
Gnosis & Monerium: Restricted bridge activity and froze assets tied to the exploit.

This is the first confirmed case of a BalV2-derived vulnerability spreading across multiple ecosystems.

Stack 10% More on Your First BTCC Deposit

Start Trading

The Situation Now

Balancer has paused all affected pools and entered “Recovery Mode,” allowing liquidity providers to withdraw their remaining assets.

The team confirmed that Balancer V3 and other V2 pool types remain unaffected.

While whitehats recovered millions, the event exposed a fundamental weakness in shared smart contract architecture, one that could echo across DeFi for weeks.

The question now is simple: who else was exposed?

The content provided in this article is for informational and educational purposes only and does not constitute financial, investment, or trading advice. Any actions you take based on the information provided are solely at your own risk. We are not responsible for any financial losses, damages, or consequences resulting from your use of this content. Always conduct your own research and consult a qualified financial advisor before making any investment decisions. Read more