Key Takeaways

• Ethereum-based DeFi protocol Balancer was exploited on Nov. 3, with losses exceeding $70 million.

• Attackers drained multiple liquidity pools and moved funds into a single new wallet within minutes.

• This marks Balancer’s third major breach since 2020, raising renewed questions about DeFi security.

The decentralized finance (DeFi) protocol Balancer, one of Ethereum’s most established automated market makers (AMMs), suffered a major exploit on Nov. 3, leading to losses of nearly $70.9 million.

On-chain data shows that multiple Balancer liquidity pools were drained in rapid succession, with the stolen tokens quickly transferred to a newly created wallet controlled by the attacker.

According to blockchain trackers, the drained assets included:

• 6,850 OSETH

  

• 6,590 WETH

• 4,260 wSTETH

The swift execution of the transfers suggests the attacker had a deep understanding of Balancer’s smart contracts, potentially exploiting a flaw in how the platform handles swaps or manages pool balances.

Balancer did not immediately respond to a request for comment.

As of press time, Balancer’s team has not issued an official statement addressing the exploit.

The lack of communication has fueled uncertainty within the DeFi community, as users scramble to understand the scope and cause of the breach.

Blockchain analysts have urged traders to avoid interacting with Balancer pools until more information is released, warning that additional vulnerabilities could still be at play.

Meanwhile, Balancer’s native token (BAL) dropped over 8% intraday, mirroring investor unease and highlighting how quickly sentiment can shift when transparency is absent in the wake of a major hack.

This is not Balancer’s first encounter with hackers. In fact, the platform has now suffered three major security incidents in five years — an unsettling record for one of DeFi’s longest-running protocols.

• In 2020, attackers exploited Balancer’s handling of deflationary tokens, draining roughly $500,000.

• In 2023, another vulnerability in its “boosted pools” led to $900,000 in losses despite prior security warnings.

The latest $70 million attack dwarfs those previous incidents, making it Balancer’s most severe exploit to date and one of the largest DeFi hacks of 2025.

Security researchers and DeFi auditors are still analyzing the exploit’s technical vector.

Early evidence indicates a smart contract vulnerability that enabled the attacker to manipulate swaps or imbalances across multiple pools — a recurring weakness in complex AMM protocols.