Major Hack Hits Balancer: $117 Million in Crypto Drained from v2 Pools

Decentralized finance (DeFi) protocol Balancer has been scrutinized following a massive $117 million exploit that emptied assets in multiple blockchain networks. In a matter of hours, the breach targets Balancer v2 pools with assets in Ethereum , Base, Optimism, Sonic, Polygon, and Berachain.

The on-chain analytics platform spot on chain reported that the attacker drained funds that were mainly made up of Liquid Staking Tokens (LSTs) swETH, osETH, wstETH, sfrxETH, and rsETH. The hacker already started to convert the stolen tokens to ETH in real-time, which may indicate the efforts to liquidate or to obfuscate the assets as soon as possible.

Dormant Wallet Resurfaces After Three Years

Investigators found the address 0x009…f33, which was a wallet that had not been used in more than three years, to be a major participant in the exploit. According to blockchain data, the wallet withdrew 7.38 million dollars worth of assets out of the AMM following the incident.

In the last report by Spot On Chain two large inflows of Balancer Vaults (0xBA1) occurred, amounting to 40.3K GNO ($5.19M) and 349.9 WETH ($1.29M) just before the theft was identified. It seems these transactions were a part of a larger coordinated action because numerous types of assets and vaults were simultaneously targeted.

This multi-chain approach combined with the rapid movement of the attacker suggests a very sophisticated exploit, potentially with the use of automated smart contracts to steal funds in Balancer integrated liquidity pools.

Top Stolen Assets and Their Estimated Losses

The magnitude of the attack is outraging with the five leading stolen assets being:

• 7,838 $WETH (~$29.1 million)
• 6,841 $OSETH (~$26.8 million)
• 4,459 $WSTETH (~$20.1 million)
• 2,405 $SFRXETH (~$10 million)
• 2,038 $RSETH (~$8.67 million)

These assets are mostly based on the Ethereum-based staking derivatives and are among the most actively traded LSTs within the DeFi ecosystem. Their de-liquidation would strain more liquidity pools and cause ripple effects to DeFi markets.

Balancer Responds: “High-Priority Investigation Underway”

Soon after the news broke, the official X (Twitter) account of Balancer admitted to knowing of a possible breach.

The protocol said: there is a possible exploit affecting Balancer v2 pools, we know. The engineering and security teams are working on it with urgency. We will provide confirmed updates and next steps as more information is available.

Balancer also encouraged users to withdraw their funds as quickly as possible and not to touch the affected pools until it was announced otherwise.

Community and Market Reactions

The announcement has caused a lot of panic throughout the DeFi community. Security analysts and blockchain specialists are urging an emergency shutdown on the smart contracts of Balancer to avoid the continual losses.

A number of users have mentioned liquidity withdrawals in panic, and others are awaiting Balancer confirmation of the pools that are safe. The analysts also reported that the hacker is turning stolen LSTs into ETH, which makes asset recovery more complicated and may result in a negative impact on staking token prices.

The users are recommended to revoke approvals, watch wallet activity, and wait on the official post-mortem report by Balancer as investigations are ongoing. The subsequent procedures of the protocol, compensation, or audits and protocol upgrades will be essential in regaining confidence among the liquidity providers and investors.