On Nov. 3, Balancer was exploited for over $116 million after attackers used a smart contract vulnerability to manipulate vault calls during pool initialization.
Balancer Suffers Major Exploit: Over $116 Million Drained From V2 Pools
WRITTEN BY
SHARE
Balancer Confirms Incident
The decentralized finance ( DeFi) platform Balancer has suffered a major exploit, resulting in the theft of over $116 million in digital assets. Preliminary investigations revealed that attackers exploited a vulnerability in smart contract interactions, specifically targeting Balancer’s vaults and liquidity pools. The flaw enabled the deployment of a malicious contract that manipulated vault calls during pool initialization.
Hours after the breach was first reported, Balancer confirmed the incident, stating that its v2 pools were affected. In a post on X, the platform said its engineering and security teams were investigating the matter with high priority and would provide updates as more information became available. The post did not disclose the exact value of assets lost.
According to a social media user known as Adi, investigators found that the exploit was purely smart contract-based and did not involve a private key compromise.
“Improper authorization and callback handling allowed the attacker to bypass safeguards, enabling unauthorized swaps and balance manipulations across interconnected pools, draining assets within minutes,” Adi explained on X.
The stolen funds—primarily Ethereum-based assets—were funneled into a new wallet controlled by the attackers and later consolidated, a move Adi suggested could indicate plans to launder the assets via mixers or cross-chain bridges.
In a follow-up post, Adi speculated that the attackers may have embedded console logs on-chain or used techniques like “vibe coding” or large language models (LLMs) to execute the exploit.
Adi also urged users to take precautionary steps, including withdrawing funds from Balancer v2 pools or avoiding affected ones entirely. Users were further advised to revoke smart contract permissions associated with Balancer addresses.
FAQ 🧠
- What happened to Balancer? The DeFi platform was exploited for over $116 million via a smart contract vulnerability.
- Which pools were affected? Balancer confirmed the breach impacted its v2 liquidity pools.
- Was it a private key hack? No, investigators say the attack was purely smart contract-based with no key compromise.
- What should users do now? Users are urged to withdraw from affected pools and revoke Balancer smart contract permissions.
