Key Takeaways
- DeFi protocol Balancer suffered a $116.6 million crypto theft.
- The exploit may have originated from a smart contract issue involving a faulty access check.
- To recover the stolen funds, the Balancer team has offered a 20% bounty.
Today, the decentralized exchange (DEX) and automated market maker (AMM) Balancer faced a massive crypto theft, resulting in the loss of $116 million worth of digital assets. This first major crypto attack of November was initially reported by PeckShield Alert, which shared a post on X highlighting unusual activity.
Balancer Loses $116 Million in Latest DeFi Exploit
In the initial post by PeckShield, a total of $70.8 million worth of crypto was reported drained, including 6,851.12 StakeWise Staked ETH (osETH) worth $27 million, 6,587.44 Wrapped Ether (WETH) worth $25.5 million, and 4,259.84 Lido wstETH (wstETH) worth $19.3 million. This amount was later updated to $88 million, as confirmed by the blockchain security firm.
However, the blockchain-based transaction tracker Lookonchain has now confirmed that the total stolen funds from the Balancer exploit have surged to $116.6 million.
Following the massive attack, the Balancer team shared a post on X stating, “We’re aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating this with high priority. We’ll share verified updates and next steps as soon as we have more information.”
The protocol further stated,
This is the last message from Balancer. Please do not engage with or click on any links from scams or phishing attempts that may be posted below.
Also Read: North Korea Crypto Hackers Smash Record with $2 Billion Stolen in 2025
What Caused the Balancer Exploit?
Following the attack, several speculations have emerged. Recently, Nicolai Sondergaard, a research analyst at Nansen, shared that the Balancer exploit may have originated from a smart contract issue involving a faulty access check, which allowed the attacker to execute a command to withdraw funds.
The analyst further noted,
From what I see, losses are now greater than $100 million and have affected Balancer v2 and various forks.
Balancer Offers 20% Bounty
So far, to recover the stolen funds, the Balancer team has offered a bounty of 20% if the funds are fully returned. Additionally, the team stated that if the exploiters fail to return the stolen assets within the next 48 hours, the 20% white-hat bounty will expire.
The team has also engaged independent blockchain forensics specialists and is actively cooperating with multiple law enforcement agencies and regulatory partners.
The Balancer team further stated,
Our partners have a high degree of confidence that you will be identified through access-log metadata collected by our infrastructure, which indicates connections from a defined set of IP addresses and ASNs, along with associated ingress timestamps that correlate with on-chain transaction activity. Our intent is to address this issue through cooperation, not punishment, upon the full and verifiable return of the stolen assets to the recovery address and confirmation by Balancer.
