Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Crypto Journalist
Anas Hassan
Crypto Journalist
Anas Hassan
share
More than $116 million in crypto-assets have been removed from the Balancer Protocol, marking one of the most severe decentralized finance (DeFi) exploits of 2025.
At approximately 9:12 AM on Monday, the blockchain analysis company Lookonchain first raised the alarmthey report that Balancer has been leveraged for $70.6 million in crypto assets.
Initial data revealed that the attacker siphoned 6,587 WETH ($24.46 million), 6,851 osETH ($26.86 million), and 4,260 wstETH (~$19.27 million) in more blockchain.
Balancer $116M DeFi Exploit Unfolds
In just thirty minutes, Lookonchain updated that the attack was still ongoing, with a total of stolen funds over $116 million.
The scale and precision of the exploit suggest a highly coordinated and technically sophisticated operation spanning multiple DeFi ecosystems.
At press time, show data on the chain the hacker’s DeBank wallet containing about $95 million, while about $21 million was distributed among various wallets, probably an anticipated move toward obfuscation and liquidation of the stolen assets.
The exploit also triggered a ripple effect in Balancer-forked projects, as several associated protocols reported security breaches or precautionary withdrawals.
The retreats of the panic began immediately after the news of the attack, especially from a whale wallet (0x0090) which had been dormant for three years, but suddenly withdrew $6.5 million from the Balancer pools.
Major DeFi protocols respond
The main Ethereum-based protocols were quick to respond.
Lido, a leading liquid staking platform, confirmed that some Balancer V2 pools were affected, but clarified that Lido’s core protocol and user funds remain safe.
In an official statement, Lido noted:
“Out of an abundance of caution, the Veda team – curators of Lido GGV – have withdrawn their Balancer position unaffected.”
Meanwhile, Aave, another DeFi lending protocol, emphasized that it remains unaffected.
Ghost explained whose Aave/stETH stkBPT pool uses a custom version of Balancer V2 that operates independently of the vulnerable Balancer components.
“The Aave protocol has no dependencies on Balancer V2 and is not affected to the best of our knowledge,” the team said.
Uncertain root cause and ongoing investigation
Balancer’s developers have acknowledged the exploit, but have not revealed the root cause or extent of the loss.
However, early signs point to a complex cross-chain exploit vector that could have targeted the protocol’s unique liquidity architecture.
Furthermore, today’s exploit is not the first time that the Balancer protocol has faced attacks and drains from its pools.
In August 2023, the protocol suffered a $2 million drain associated with a code vulnerability, and then the following month, more than $900,000 was removed back through its V2 pool.
Like the recent exploit, vulnerable assets were spread across various networks, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom and zkEVM.
DeFi security issues are growing
Another notable concern about the recent crypto exploit is how it spreads across every major chain outside of Ethereum.
On September 8, Nemo Protocol, a decentralized financial performance (DeFi) platform that operates on the Sui blockchain, has been the victim of a cyberattack which resulted in $2.4 million in losses right before its scheduled maintenance window.
The same day, Swiss crypto platform SwissBorg lost $41.5 million value of Solana (SOL) tokens after hackers compromised the API provider of partner Kiln.
Likewise, in May, Cryptonews reported that the Cetus protocol, a decentralized exchange built on the blockchain Sui, fell victim to an exploit that siphoned more than $200 million in crypto assets.
PeckShield’s latest report reveals that crypto hackers caused $127.06 million in losses in September 2025 alone, noting the continued risk of large-scale attacks on decentralized finance (DeFi) and blockchain platforms.
Only in the first half of 2025, crypto exploits reached $2.1 billion, almost combining all the total losses of 2024.
Why Crypto Hacks Keep Happening
When Cryptonews spoke with Mitchell Amador, founder and CEO of Immunefi, in August, he revealed that most crypto hacks happen for three major reasons, which are:
- Static audits: Companies rely on one-time checks, missing post-launch defects in evolving smart contracts.
- Ignore incentives: They underestimate the appeal of the open card attack of Web3, needing rewards to overcome the black hats.
- No Web3 experience: Many teams lack knowledge of blockchain before, missing composability or oracle risks.
