Ethereum News Today: Cross-Chain Heist Shatters Balancer: $116M+ Lost Despite Audits

Balancer Audits Under Scrutiny After $116M+ DeFi Exploit Drains Cross-Chain Assets

DeFi protocol BalancerBAL-- has become the latest victim of a major security breach, with over $116 million in digital assets stolen across EthereumETH--, ArbitrumARB--, Base, and other blockchains. The exploit, which began on November 3, 2025, targeted vulnerabilities in Balancer v2 pools, exposing persistent risks in decentralized finance infrastructure despite years of audits and regulatory scrutiny, according to a Bloomberg report.

The attack exploited a flaw in the protocol's "manageUserBalance" function, allowing unauthorized withdrawals by manipulating internal token balances. On-chain data revealed the attacker drained 6,590 WETH, 6,851 osETH, and 4,260 wstETH-tokens tied to Ethereum's staking mechanisms, Coindesk reported. By 8:52 a.m. UTC, losses had swelled to $116.6 million, with the hacker still consolidating stolen funds into new wallets, TradingView reported.

Balancer's engineering team confirmed the breach and urged users to avoid impacted pools, while offering a 20% bounty for the return of stolen assets, according to Coinpedia. "Our partners have high confidence in identifying the perpetrator through access-log metadata," the team stated in an on-chain message, referencing IP addresses and timestamps linked to the exploit, per TradingView. However, security analysts noted the attacker's ongoing efforts to split assets across chains, raising concerns about potential laundering via decentralized mixers, Coindesk reported.

This is not Balancer's first security incident. The protocol has faced three prior exploits since 2020, including a $500,000 flash loan attack and a 2023 phishing scheme that stole $238,000, Yahoo Finance reported. Despite full audits by firms like OpenZeppelin and Trail of Bits, the latest breach highlights the challenges of securing complex smart contracts. "The exploit was highly sophisticated, likely involving invariant manipulation to falsify token prices," said BlockSec, a blockchain security firm, as reported by Yahoo Finance.

The incident has reignited debates about DeFi's vulnerability to cross-chain attacks. Unlike earlier breaches targeting smaller protocols, Balancer's scale—managing over $700 million in assets before the exploit—underscores systemic risks in the ecosystem. "This breach could invite renewed regulatory scrutiny," said Coincu researchers, emphasizing the need for stricter technical standards, Coinnews reported.

Market reactions were swift. Balancer's native BALBAL-- token fell over 5% in the aftermath, while Ethereum (ETH) dipped 4.63% to $3,714.47, reflecting broader market jitters, Coinnews reported. The attack also exposed weaknesses in forked projects like Beets and BerachainBERA--, which shared parts of Balancer's codebase and were similarly compromised, Coinpedia noted.

As the DeFi sector grapples with the fallout, Balancer's response—combining bounties, forensic analysis, and hard forks—mirrors strategies used by other protocols to recover stolen funds. However, with losses surpassing $128 million and the attacker still active, the incident serves as a stark reminder of the sector's unresolved security challenges, Yahoo Finance reported.