Ethereum News Today: 11 Audits, $128M Lost: DeFi's Audit Paradox Exposed

Generated by AI Agent Coin World | Reviewed by AInvest News Editorial Team
Monday, Nov 3, 2025 9:02 pm ET
Aime Summary

- StakeWise DAO recovered 5,041 osETH and 13,495 osGNO from Balancer's $128M exploit, partially addressing the breach.

- Attackers exploited token invariant math in V2 Composable Stable Pools despite 11 audits by top firms since 2021.

- The breach spread across Ethereum, Base, Polygon, and Arbitrum, with Ethereum suffering most losses.

- StakeWise's success highlights partial asset recovery potential but underscores DeFi's vulnerability to invariant manipulation attacks.

- Industry faces audit paradox as 2025 crypto hack losses exceed $2.2B, prompting calls for multi-layered security strategies.

StakeWise DAO announced the recovery of 5,041 osETH and 13,495 osGNO from the attacker, marking a partial resolution to a high-profile exploit that drained over $128 million in assets from the decentralized finance (DeFi) platform, according to a report. The incident, which targeted Balancer's V2 Composable Stable Pools, has sparked renewed scrutiny over the efficacy of smart contract audits and security protocols in the crypto space, according to a report.

The exploit, first reported on November 3, involved a sophisticated attack on Balancer's liquidity pools, where the perpetrator manipulated token invariants—mathematical rules governing token swaps—to extract favorable exchange rates and drain funds, as reported by DLNews. Despite undergoing 11 audits by top firms like OpenZeppelin, Trail of Bits, Certora, and ABDK since 2021, the platform's smart contracts were breached, as detailed in a report. Suhail Kakar, a TAC blockchain developer, emphasized the failure of repeated audits, stating, "The vault was audited three separate times by different firms still got hacked for $110M. This space needs to accept that 'audited by X' means almost nothing. Code is hard, DeFi is harder."

Balancer's response highlighted that the breach was "isolated to V2 Composable Stable Pools" and did not affect V3 or other pools, Cointelegraph reported. However, the attack spread across multiple blockchains, including Ethereum, Base, Polygon, and Arbitrum, with Ethereum bearing the brunt of the losses, according to DLNews. The attacker's address has since generated new contracts and custom tokens, raising concerns about an ongoing exploit campaign, DLNews added.

StakeWise's recovery of osETH and osGNO—derivatives of staked Ethereum—demonstrates the potential for partial asset retrieval in such incidents, according to the Weex report. The DAO's success, however, does not mitigate broader concerns about DeFi's vulnerability to invariant manipulation attacks, where malicious actors exploit pricing mechanisms to drain liquidity pools, DLNews noted.

The incident underscores a growing trend in crypto security: despite increased investment in audits and bug bounties, sophisticated attacks continue to exploit complex codebases. As of November 2025, losses from crypto hacks have already exceeded $2.2 billion this year, DLNews reported. Analysts stress that multi-layered security strategies, including real-time monitoring and community-driven response protocols, may be necessary to address evolving threats.