Ethereum News Today: DeFi's Security Gaps Laid Bare by Balancer's $116M Exploit

Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Monday, Nov 3, 2025 3:41 pm ET1min read
BAL--
ETH--
ARB--
BERA--
S--
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- DeFi protocol Balancer suffered a $116M exploit via v2 pool vulnerabilities, draining assets across Ethereum, Arbitrum, and other chains.

- Attackers exploited infinite approval flaws in wstETH and other tokens, rapidly transferring stolen funds to new wallets, raising laundering concerns.

- Balancer confirmed the breach, advised users to avoid affected pools, while TVL dropped to $678M and BAL token fell over 5%.

- Forked projects like Beets Finance also lost $3.5M, with security firms attributing risks to legacy code gaps in DeFi ecosystems.

- Experts warn of systemic risks in composable liquidity protocols, urging multi-signature wallets and continuous audits to prevent future breaches.

Decentralized finance (DeFi) protocol BalancerBAL-- has confirmed a major security breach, with losses exceeding $116 million across multiple blockchain networks, including EthereumETH--, ArbitrumARB--, Base, and Optimism, according to a Coinotag report. The exploit, which targeted vulnerabilities in the protocol's smart contracts, has raised urgent concerns about security in the DeFi sector, particularly for protocols managing high-value liquidity pools.

The attack exploited a flaw in Balancer's v2 pools, allowing unauthorized withdrawals through infinite approval functions for assets like wrapped staked ETH (wstETH). On-chain analysis, reported by Coinpedia, revealed that the hacker drained 6,587 WETH, 6,851 osETH, and 4,260 wstETH—totaling approximately $116.6 million—as of November 3, 2025. The breach unfolded rapidly, with stolen assets quickly transferred to new wallets, prompting fears of potential laundering via decentralized mixers or cross-chain bridges, as Yahoo Finance reported.

Balancer's engineering and security teams confirmed the incident, urging users to avoid affected pools and stating that v3 pools remain secure, according to a BeinCrypto report. The protocol's total value locked (TVL) has since dropped to $678 million, a sharp decline from its 2022 peak of $3.11 billion. Meanwhile, Balancer's native token, BAL, fell over 5% following the exploit, compounding investor concerns.

The multi-chain nature of the attack further amplified the damage, with additional losses reported on forked projects like Beets Finance and BerachainBERA--. For example, SonicS-- and Polygon chains saw $3.4 million and $117,000 drained, respectively, in a Coinotag update. Security firms like PeckShield and Certik have emphasized that such vulnerabilities often stem from legacy code flaws, underscoring the need for continuous audits even in mature DeFi ecosystems.

Balancer's response includes collaboration with blockchain security experts to patch vulnerabilities and enhance safeguards. The protocol's team noted that users affected by the exploit may be eligible for compensation, though no formal recovery plan has been outlined. This incident marks Balancer's third major security breach in five years, following earlier losses reported in previous incidents, as noted in an earlier Yahoo report.

The broader DeFi community has reacted with heightened caution. Analysts warn that the exploit highlights systemic risks in liquidity protocols, particularly those relying on interconnected pools and composable designs. With DeFi's total value locked at over $75 billion globally, experts stress the importance of robust multi-signature setups and hardware wallets to mitigate future risks.

author avatar
Coin World

Quickly understand the history and background of various well-known coins

Latest Articles

Stay ahead of the market.

Get curated U.S. market news, insights and key dates delivered to your inbox.