The DeFi world woke up to another big blow on November 3, 2025, after the popular decentralized finance protocol, Balancer, suffered a massive exploit that resulted in the exfiltration of $116.6 million worth of assets across multiple blockchains.
This hack resulted in a massive leak of osETH, WETH, and wstETH, raising new concerns about the security of DeFi protocols.
How could this have happened?
How did the balancer hack happen?
According to data shared by on-chain analytics firm Lookonchain, the exploit began with a massive outflow of funds from Balancer Vaults. Analysts believe the hackers took advantage of vulnerabilities in access controls within hardened pools of balancers that use Ether-based derivatives.
The attackers exfiltrated approximately $116.6 million on Ethereum’s mainnet alone, followed by similar incidents across the Base, Polygon, Arbitrum, Optimism, and Sonic networks.
The transfer included major crypto assets such as 6,587 WETH (worth $24.46 million), 6,851 osETH ($26.86 million), and 4,259 wstETH ($19.27 million).
The impact extends beyond the balancer
Interestingly, the attack did not end with the balancer. Its forked version, Beets on the Sonic network, also reported losses. This suggests that the exploit targeted a shared vulnerability in the codebase that connects to the same liquidity infrastructure.
Meanwhile, transaction data shows that the stolen funds were transferred through the Balancer vault contract to a single wallet address 0x506D19…AE03207, which then interacted with another contract to perform multiple token swaps.
Community and security response
Blockchain security company PeckShield quickly acknowledged the breach, revoked all balancer-related authorizations, and urged users to monitor wallet activity. Lookonchain also published transaction details showing attackers moving stolen funds between multiple vault addresses, typical of laundering attempts through decentralized exchanges.
Balancer has not released any public statements at this time, but Discord moderators are warning users to avoid interacting with suspicious contracts and new liquidity pools until further notice.
Trust CoinPedia:
CoinPedia has been providing accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by an expert panel of analysts and journalists following strict editorial guidelines based on EEAT (Experience, Expertise, Authority, and Trustworthiness). All articles are fact-checked against trusted sources to ensure accuracy, transparency, and authenticity. Our review policy ensures unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely and up-to-date information on everything cryptocurrencies and blockchain, from startups to industry giants.
Investment Disclaimer:
All opinions and insights shared represent the author’s own views on current market conditions. Please do your own research before making any investment decisions. Neither the author nor the publication is responsible for your financial choices.
Sponsors and advertising:
Sponsored content and affiliate links may appear on our site. Ads are clearly marked and our editorial content is completely independent of our advertising partners.