Balancer, which is a decentralized finance (DeFi) protocol focused on automated market making (AMM), was exploited early Monday morning in an attack that may have led to $120 million or more in losses for its users.
The specific details of how the attack was pulled off are still unclear at this time. According to an early analysis published on the Blocksec Phalcon X account, the exploit was “highly sophisticated” and involved manipulating prices within the protocol that allowed the attacker to profit. On the other hand, Cyvers CEO Deddy Lavid told Bloomberg that the attacker may have been able to manipulate balances directly via an exploit involving the control mechanisms of the protocol.
We’re aware of a potential exploit impacting Balancer v2 pools.
Our engineering and security teams are investigating with high priority.
We’ll share verified updates and next steps as soon as we have more information.
— Balancer (@Balancer) November 3, 2025
The latest update from Balancer indicates they are currently working with leading security researchers to better understand exactly what happened and will eventually provide a full post-mortem report. In addition to Balancer, other projects that were based on forks of that particular DeFi protocol’s smart contracts were also affected.
Serious Implications for DeFi
While hacks and thefts in the world of DeFi and crypto more generally are not at all uncommon, the attack on Balancer is particularly troubling due to the high degree of trust that had been built around the protocol. Balancer has existed since 2020, and it’s also received many security audits by highly trusted firms over the years, including from the likes of OpenZeppelin and Trail of Bits. These are the sorts of firms that have also given their stamp of approval to other highly reputable and trusted DeFi protocols.
Notably, the exploit occurred on Balancer v2, which launched in 2021 and was thought to be better reviewed and more trustworthy than the more recent Balancer v3 implementation due to its existence in the wild for much longer.
Ethereum developer Lefteris Karapetsas noted on X that the main takeaway from this event is not the actual theft, but rather the collapse of trust in DeFi that will come with it. “A protocol live since 2020, audited and widely used, can still suffer a near-total TVL loss,” wrote Karapetsas. “That’s a red flag for anyone thinking DeFi is ‘stable.’ No serious capital allocates into systems that fragile.”
Hasu, who is a strategic advisor to Lido and the strategy lead at Flashbots, shared a similar sentiment, posting, “Balancer v2 launched in 2021 and is one of the most looked at and forked smart contracts since. It’s very scary. Every time such an old contract can be exploited, it (rightfully) sets Defi adoption back by 6-12 months.”
Not to be dramatic, but the Balancer exploit is a nightmare scenario.
Balancer is a DeFi OG operating since 2020, among the top 3 most battle-tested DApps, and the exploit happened in Balancer V2 vaults (audited by multiple top firms that also audited most of DeFi).
Not great. https://t.co/0nRUHEHurg pic.twitter.com/sBgAoU9pQg
— jfab.eth (@josefabregab) November 3, 2025
At least one blockchain, Berachain, has been temporarily shut down in response to the attack. In fact, the Berachain network will undergo a hard fork in an attempt to roll back the effects of this exploit on its chain, according to the Berachain X account. This is reminiscent of the situation from two weeks ago, when the lack of real decentralization in crypto was exposed by the downtime incurred at Amazon Web Services (AWS).
What Happens Next?
According to Coinbase Director Conor Grogan, the Balancer exploiter funded the attack on Balancer with ETH that was previously held in Tornado Cash, which is a mixing protocol on Ethereum intended to separate funds from their transaction history.
Unless the exploiter transfers funds into stablecoins, which are more easily controlled and subject to blacklisting, or deposits crypto onto a centralized exchange, recovery of funds may be difficult. That said, there have been past situations where DeFi protocol exploiters have returned partial funds or the protocol itself was effectively bailed out. At this point, it’s simply too early to tell what will happen in this specific incident.
For now, the effects of this latest exploit on the crypto world may involve questioning whether DeFi protocols can be trusted and are worth the costs of decentralization more generally, especially when it comes to financial activities involving tokens issued by entities that are inherently centralized anyway.
Original Source: https://gizmodo.com/120-million-exploit-has-chilling-effect-on-entire-crypto-ecosystem-2000680860
Disclaimer: This article is a reblogged/syndicated piece from a third-party news source. Content is provided for informational purposes only. For the most up-to-date and complete information, please visit the original source. Digital Ground Media does not claim ownership of third-party content and is not responsible for its accuracy or completeness.
