Ethereum News Today: Third Breach Costs Balancer $70M, Highlighting DeFi's Security Flaws

Generated by AI AgentCoin WorldReviewed byTianhao Xu
Monday, Nov 3, 2025 4:21 am ET1min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
BAL
--
ETH
--
MKR
--
QUICK
--
Aime RobotAime Summary

- Balancer, a major Ethereum DeFi protocol, lost $70.9M in a 2025 exploit as attackers drained liquidity pools and transferred tokens to a new wallet.

- The breach marks Balancer's third major security incident since 2020, with stolen assets including 6,850 OSETH, 6,590 WETH, and 4,260 wSTETH.

- Repeated vulnerabilities have triggered a 5% drop in BAL token value and raised concerns about DeFi infrastructure robustness, as no funds have been recovered.

- Previous attacks in 2025 included a DNS phishing scam ($238K) and a $1M stalecoin exploit, highlighting ongoing smart contract security challenges.

- Analysts urge caution with Balancer pools while investigations continue, as attackers' methods suggest sophisticated understanding of protocol weaknesses.

Balancer, one of Ethereum's most established decentralized finance (DeFi) protocols, is under investigation after suffering a suspected $70.9 million exploit, with liquid staked Ether (ETH) tokens swiftly transferred to a newly created wallet. On-chain data shows that the decentralized exchange and automated market

maker
(AMM) lost approximately 6,850 StakeWise Staked
ETH
(OSETH), 6,590 Wrapped Ether (WETH), and 4,260 Lido wstETH (wSTETH) in three rapid transactions, according to Etherscan logs and analysis from crypto intelligence platforms like Nansen,
a Cointelegraph report
. The total value of the stolen assets is estimated at $70.9 million, though
a BeInCrypto article
reported a slightly lower figure of $70.6 million.

The incident, which occurred on Nov. 3, 2025, marks Balancer's third major security breach since 2020 and one of the largest DeFi exploits of the year. Attackers drained multiple liquidity pools in

quick
succession, consolidating the stolen tokens into a single address, suggesting a sophisticated understanding of the protocol's smart contracts
a Yahoo Finance story
. Blockchain security firm Cyvers estimated that suspicious transactions across multiple chains linked to the exploit totaled up to $84 million.
Balancer
has yet to issue an official statement, fueling uncertainty among users and investors.

This is not the first time the protocol has faced a security incident. In September 2025, Balancer suffered a domain name system (DNS) attack on its front-end website, redirecting users to a phishing site that siphoned $238,000 in digital assets. Earlier in August, the protocol disclosed a $1 million stalecoin exploit following the revelation of a "critical vulnerability" in its liquidity pools. The repeated breaches have raised concerns about the robustness of DeFi infrastructure, particularly as Balancer manages over $750 million in value locked, according to

a CoinDesk article
.

The BAL token, Balancer's native governance token, dropped over 5% in the days following the exploit, reflecting investor unease. Analysts have urged users to avoid interacting with Balancer pools until the exploit's technical vector is fully understood. Security researchers are currently investigating whether the breach stemmed from a flaw in how the platform handles swaps or manages pool balances.

Balancer's history of vulnerabilities includes a 2020 exploit involving deflationary tokens, which led to $500,000 in losses, and a 2023 incident in "boosted pools" that cost $900,000. The latest attack dwarfs these earlier breaches and underscores the ongoing challenges DeFi platforms face in securing complex smart contract systems.

As the investigation continues, the DeFi community remains on edge. The lack of transparency from Balancer's team has compounded fears that additional vulnerabilities may still exist. Meanwhile, the attacker's wallet remains active on

Ethereum
, and no funds have been recovered.