Massive Heist: Hacker Pilfers $120 Million from Balancer’s DeFi Crypto Protocol
A recent cyber attack targeted Balancer Protocol’s v2 pools, resulting in losses exceeding $128 million. The decentralized finance (DeFi) protocol, operating on the Ethereum blockchain, serves as an automated market maker and liquidity infrastructure layer.
Offering customizable token pools, Balancer allows users to deposit assets, earn fees, and facilitate asset swaps. Governed by the BAL token with a market cap of $65 million prior to the incident, Balancer emphasizes flexibility and user empowerment within the DeFi space.
Following the breach, Balancer issued a cautionary statement urging users to remain vigilant against potential scams and phishing attempts. The incident, which occurred at 7:48 AM UTC, affected only V2 Composable Stable Pools; other Balancer pools, including V3, were not affected.
Security researchers are actively collaborating with Balancer to investigate the breach further. According to GoPlus Security, the exploit originated from a precision rounding error in the Vault’s swap calculations, enabling the attacker to manipulate transactions and distort prices significantly.

Source: GoPlus Security
Others attribute the hack instead to improper authorization and callback handling within Balancer’s V2 vaults. Aditya Bajaj highlights the deployment of a malicious contract that circumvented security measures, enabling unauthorized swaps and balance manipulations.
Balancer vows to release a comprehensive post-mortem report on the incident, shedding light on the attack methodology and reinforcing its commitment to transparency. Despite undergoing multiple audits since 2021, the exploit underscores the evolving nature of cybersecurity threats in the DeFi landscape.
Phishing Attempt Amidst Chaos
Amidst the turmoil, an opportunistic individual impersonated Balancer, offering the hacker a “white-hat bounty” of 20% of the stolen funds in exchange for returning the remainder to a specified address. The elaborate phishing scheme employs persuasive language and coercive tactics to pressure the hacker into compliance.
If the hacker rejects the proposal, the imposter threatens to leverage blockchain forensics experts, law enforcement agencies, and regulatory partners to identify and prosecute the perpetrator. The message instills fear by referencing access-log metadata and IP address correlations to imply imminent discovery.
The Balancer hack stands as one of the largest cryptocurrency thefts in 2025, raising concerns about cybersecurity vulnerabilities within the DeFi sector. While the culprit remains unidentified, the pervasive threat of North Korean hackers looms large, with previous incidents surpassing $2 billion in stolen cryptocurrency.
As DeFi platforms navigate heightened security risks, the industry’s resilience and adaptability will play a pivotal role in combating malicious actors and safeguarding user assets.

