The decentralized finance world has been hit by yet another major attack. Balancer, a leading DeFi protocol operating on the Ethereum blockchain, has confirmed a devastating exploit that drained more than $128 million from its V2 pools. This incident marks one of the largest cryptocurrency thefts of 2025, shaking investor confidence in decentralized ecosystems.
Balancer, known for its role as an automated market maker (AMM) and liquidity infrastructure layer, allows users to create flexible token pools, earn fees, and trade assets seamlessly. The protocol is governed by the BAL token, which had a $65 million market cap just before the hack occurred. Following the breach, Balancer issued an urgent warning urging users to remain vigilant against phishing campaigns and scam messages attempting to exploit the situation.
The team confirmed that the attack specifically targeted V2 Composable Stable Pools at around 7:48 AM UTC, while newer V3 pools remain unaffected. “Our team is working with leading blockchain security experts to identify the root cause and mitigate further damage,” Balancer stated in its official update.
How the Balancer Exploit Happened
According to GoPlus Security, the vulnerability stemmed from a precision rounding error in Balancer’s Vault swap calculations. Every token swap performed on the platform rounded down fractional token amounts, creating microscopic differences. By repeatedly exploiting these rounding discrepancies through batchSwap functions, the hacker managed to compound minor losses into massive cumulative profits — essentially tricking the system’s internal price logic.
However, some blockchain researchers argue that the issue could be linked to authorization flaws and callback manipulation within Balancer’s V2 vault contracts. Security researcher Aditya Bajaj suggested that a malicious contract was deployed to manipulate pool initialization, enabling unauthorized swaps and token balance alterations across interconnected pools.
Despite the conflicting theories, Balancer confirmed it is preparing a full technical post-mortem to clarify the sequence of events once the investigation concludes. Interestingly, Balancer V2 had undergone 11 separate security audits since 2021, raising critical questions about the reliability of existing audit frameworks in identifying multi-layered smart contract vulnerabilities.
Fake “White-Hat” Bounty Scam
In the aftermath of the breach, opportunists quickly tried to exploit the chaos. A phishing group impersonating Balancer offered the hacker a “white-hat bounty” of 20% of the stolen funds, promising immunity if the rest were returned to a fake recovery wallet. The fraudulent message even included fabricated legal threats, claiming collaboration with law enforcement and blockchain forensic teams to pressure the hacker into compliance.
This fake bounty scam highlights a recurring pattern in major DeFi hacks — secondary scams that target both victims and attackers amid confusion and panic. Users are now urged to verify all official Balancer communications exclusively through its verified channels.
DeFi Under Fire: North Korean Hackers Suspected
Although no official attribution has been made, cybersecurity analysts warn that North Korean hacker groups, such as Lazarus, remain the most significant threat to DeFi projects worldwide. According to recent estimates, over $2 billion in crypto assets have been stolen by North Korean-linked hackers in 2025 alone. The Bybit breach earlier this year, resulting in a $1.5 billion theft, remains the largest confirmed incident so far.
Conclusion
The $128 million Balancer hack underscores a growing concern in the DeFi space — even well-audited protocols are not immune to complex, multi-layered attacks. As smart contracts become more advanced, so too do the exploits targeting them. To safeguard against similar events, DeFi developers must strengthen security auditing standards, multi-layer authorization checks, and user awareness campaigns. In the world of decentralized finance, trust is coded — and every vulnerability has a price.
