DeFi Protocol Balancer Hit by $128 Million Exploit

Precision Bug Triggers Major DeFi Collapse

On-chain analytics firm Nansen confirmed that the exploit stemmed from a “tiny precision/rounding error” in Balancer V2’s liquidity pool code. The attacker manipulated multiple swaps within a single transaction, pushing the pool’s valuation off-balance.

This allowed the hacker to mint undervalued Balancer Pool Tokens (BPT), redeem them for the underlying assets, and pocket the difference - draining over $100 million in assets across multiple chains.

Security firms PeckShield and Cyvers placed the total losses closer to $128 million, though the final figure fluctuates with market prices. The stolen assets were quickly dispersed through multiple wallets and decentralized exchanges, complicating recovery efforts.

Balancer Responds as BAL Token Plunges

Balancer has acknowledged the attack, confirming it was limited to Balancer V2 Composable Stable Pools - while its newer V3 pools remain safe. The team is now working with “leading security researchers” to conduct a full postmortem and coordinate with affected partners.

Following the incident, Balancer’s BAL token dropped over 11%, sliding to a $56 million market cap, according to CoinGecko.

Berachain Freezes Network After $12 Million Loss

The ripple effect quickly hit Berachain, whose decentralized exchange also relied on Balancer V2’s vulnerable codebase. The network suffered roughly $12.86 million in losses, prompting validators to halt the blockchain.

Berachain’s team announced plans for an emergency hard fork to restore the chain to a pre-exploit state - a move reminiscent of Ethereum’s controversial 2016 DAO rollback.

However, this decision sparked debate within the crypto community, with purists arguing that reversing transactions violates blockchain immutability - one of crypto’s core principles.

A Flashback to the DAO Fork Controversy

The 2016 DAO hack, which led to Ethereum’s first major hard fork, remains one of the most divisive events in blockchain history. That incident saw $50 million in ETH stolen, and the community split between those supporting the rollback and those who went on to form Ethereum Classic.

Now, Berachain faces a similar ideological crossroads. While the rollback aims to protect users, critics warn it could undermine trust in the blockchain’s neutrality and immutability.

Market Fallout and Next Steps

The broader DeFi market reacted sharply. Liquidity providers across Ethereum and Layer-2 chains rushed to withdraw funds from Balancer-linked protocols, while Balancer’s total value locked (TVL) dropped sharply overnight.

Meanwhile, Berachain’s native token (BERA) plunged nearly 10%, bringing its market cap down to $211 million.

Balancer’s development team is expected to release a technical breakdown of the vulnerability later this week, as affected projects continue to pause or upgrade their pools.

The event serves as another stark reminder of DeFi’s smart contract fragility, even in long-standing projects once considered battle-tested.