Balancer hit by $129M exploit, largest DeFi hack this year
Balancer has suffered the largest DeFi hack of 2025, with more than $129 million stolen from the protocol.
The attack targeted v2 pools across Ethereum, Arbitrum, Base, Optimism, Polygon, and Sonic. According to PeckShield, losses continue to rise as attackers move funds between multiple addresses.
Balancer confirmed the breach on X (formerly Twitter), saying its engineers and security team are investigating the incident as a top priority. At the time of publication, DefiLlama estimated the protocol’s TVL at over $700 million, meaning roughly 18% of all pooled assets were drained.
The exploit stemmed from a flaw in the access control mechanism that allowed attackers to directly manipulate internal balances. Decurity confirmed that a vulnerability in the manageUserBalance function enabled unauthorized token withdrawals.
The situation worsened when the exploit spread to projects built on Balancer v2 forks, including Beets on Sonic, which lost an additional $3.4 million. On Berachain, validators were forced to halt the network and perform an emergency hard fork.
Following the attack, bets on Polymarket predicting another crypto hack exceeding $100 million in 2025 jumped from 25% to 99%.
Polymarket bet: “Another crypto hack over $100m in 2025?” Source: polymarket.com
Balancer has faced security issues before: in 2023, it lost $2 million due to price manipulation in Boosted Pools and later reported a frontend breach. This latest attack, however, is the largest in the protocol’s history and has reignited debate over the reliability of DeFi smart contract audits - even for long-standing, well-established projects.
