Balancer Protocol Drained of $116M in Wrapped ETH Exploit - DeFi Security Crisis Deepens

Another day, another nine-figure crypto heist—this time targeting one of DeFi's foundational protocols.

The $116 Million Hit

Balancer's liquidity pools got absolutely hammered by attackers exploiting vulnerabilities in wrapped Ethereum contracts. The protocol's automated market maker infrastructure proved no match for sophisticated exploit techniques that bypassed multiple security layers.

WETH Weakness Exposed

Wrapped ETH—supposedly the safe, interoperable version of Ethereum—became the attack vector that drained millions from liquidity providers. The exploit reveals fundamental flaws in how cross-chain assets are secured across DeFi protocols.

DeFi's recurring security nightmares continue proving that in crypto, the only thing more innovative than the technology is the creativity of those looking to empty your digital wallet. Traditional finance might be boring, but at least your money doesn't disappear because of smart contract code you can't even read.

Balancer exploited through ongoing smart contract interactions

The current Balancer hack may be due to a flawed smart contract, which allowed the attacker to mint unauthorized tokens. Some of the token interactions included functions like ‘approve infinite wstETH’. 

The Balancer attack wallet was identified, currently holding multiple versions of wrapped ETH on several chains. The coins have not been unwrapped or traded. If the hacker decides to swap some of the assets, this may further exacerbate problems with other DeFi protocols, or crash the price of ETH. 

Following the hack, ETH traded at $3,735.04. ETH remains a frequently attacked asset, due to the ease of swapping, trading, or mixing. 

The Balancer exploit arrived just days after a smaller theft of $5.5M from the Garden Finance bridge. As Cryptopolitan reported, in the whole month of September, 20 thefts led to a total loss of $127M. 

Balancer V2 pools were affected

Following the attack, Balancer reacted on Discord, stating that mostly V2 pools were affected. Balancer V2 carries relatively limited volumes, though the DEX reported an anomaly of $26B traded in the past 24 hours, based on CoinGecko data. Balancer announced it is working with security experts on the next step. 

According to the exchange team, V3 remains unaffected, though there are conflicting data that the hacker attempted to break multiple vaults. Currently, V2 is still leading in terms of volumes, though V3 attempts to become the main trading venue with growing stablecoin activity. 

Balancer activity has remained relatively low compared to newer DEXs and DeFi platforms. The chain locked in $678M, down from a peak $3.11B in 2022. The platform attempted to renew its influence during the latest bull cycle. 

The hack hardly affected the BAL native token, which is traded on low volumes and has lost over 99% of its value since launch. 

Claim your free seat in an exclusive crypto trading community - limited to 1,000 members.