Key takeaways
-
The Ethereum-based DeFi Balancer protocol was mined on November 3, with losses exceeding $70 million.
-
The attackers emptied multiple liquidity pools and moved the funds to a single new wallet within minutes.
-
This is Balancer’s third major breach since 2020, raising new questions about DeFi security.
Decentralized finance (DeFi) protocol Balancer, one of Ethereum’s most established automated market makers (AMMs), suffered a major exploit on November 3, resulting in losses of nearly $70.9 million.
On-chain data shows that multiple Balancer liquidity pools were emptied in rapid succession, with the stolen tokens quickly transferred to a newly created wallet controlled by the attacker.
According to blockchain trackers, the assets drained included:
-
6,850 OSETH
-
6,590 WETH
-
4,260 wSTETH
The rapid execution of the transfers suggests that the attacker had a deep understanding of Balancer’s smart contracts, potentially exploiting a flaw in how the platform handles swaps or pool balances.
Balancer did not immediately respond to a request for comment.
As of press time, the Balancer team has not released an official statement regarding the exploit.
The lack of communication has fueled uncertainty within the DeFi community, as users scramble to understand the scope and cause of the breach.
Blockchain analysts have urged traders to avoid interacting with Balancer pools until more information is released, warning that additional vulnerabilities could still be at play.
Meanwhile, Balancer’s native token (BAL) fell more than 8% during the day, reflecting investor unease and highlighting how quickly sentiment can change when transparency is absent following a major hack.
This isn’t Balancer’s first encounter with hackers. In fact, the platform has suffered three major security incidents in five years – a worrying record for one of DeFi’s oldest protocols.
-
In 2020, attackers exploited Balancer’s deflationary token management, draining approximately $500,000.
-
In 2023, another vulnerability in its “boosted pools” led to losses of $900,000 despite previous security warnings.
The latest $70 million attack dwarfs previous incidents, making it Balancer’s most serious exploit to date and one of the biggest DeFi hacks of 2025.
Security researchers and DeFi auditors are still analyzing the technical vector of the exploit.
Early evidence points to a smart contract vulnerability that allowed the attacker to manipulate swaps or imbalances across multiple pools – a recurring weakness in complex AMM protocols.
