Balancer Hack

On November 3, 2025, Balancer, one of DeFi’s oldest automated market makers, and its many forks were hit by the largest exploit of the month, with PeckShield and Cyvers tracking losses of about $128.64 million across Ethereum, Berachain, Arbitrum, Base, Optimism, Sonic, and Polygon. The attacker targeted Balancer Pool Tokens that represent shares in liquidity pools, exploiting a precision and rounding flaw in how the v2 contracts calculated pool prices during batch swaps, a vulnerability that had sat undetected in pools launched roughly five years earlier. The drain forced the Berachain Foundation to intentionally pause its network and execute an emergency hard fork to contain damage to its BEX platform. Roughly $39 million was recovered, partly through white-hat and validator intervention. The incident, Balancer’s third significant exploit in recent years, was one of 2025’s biggest DeFi losses and contributed to a 969% month-over-month surge in November theft to $194.27 million; post-hack pressure later pushed Balancer Labs to wind down operations and restructure the protocol. It underscores the long-tail risk of mature, heavily forked code and the value of rounding-invariant testing and continuous monitoring.