Balancer V2 vulnerability causes losses exceeding $116 million, affecting multiple chain protocols
Original Title: "Veteran DeFi Falls: Balancer V2 Contract Vulnerability, Over $1.1 Billion in Assets Stolen"
Original Author: Wenser, Odaily
On November 3, the veteran DeFi protocol Balancer was reported to have lost over $70 million in assets due to theft. Subsequently, this news was confirmed by multiple sources, and the scale of stolen funds continued to rise. As of the time of writing, the amount of assets stolen from Balancer has increased to over $1.16 billion. Odaily provides a brief analysis of this incident in this article.
Details of the Balancer Theft: Losses Exceed $1.16 Billion, Mainly Due to V2 Pool Smart Contract Vulnerability
According to on-chain information, the attacker of Balancer has now stolen more than $1.16 billion, with the main stolen assets including WETH, wstETH, osETH, frxETH, rsETH, and rETH, distributed across multiple chains such as ETH, Base, Sonic, and others. Specifically:
· Assets stolen on Ethereum: approximately $1 billion;
· Assets stolen on Arbitrum: approximately $8 million;
· Assets stolen on Base: approximately $3.95 million;
· Assets stolen on Sonic: over $3.4 million;
· Assets stolen on Optimism: approximately $1.57 million;
· Assets stolen on Polygon: around $230,000.

Crypto KOL Adi posted that preliminary investigations show the attack mainly targeted Balancer's V2 vaults and liquidity pools, exploiting vulnerabilities in smart contract interactions. On-chain investigators pointed out that a maliciously deployed contract manipulated Vault calls during the initialization of liquidity pools. Incorrect authorization and callback handling allowed the attacker to bypass safeguards, enabling unauthorized swaps or balance manipulation between interconnected liquidity pools, resulting in rapid asset theft within minutes.
Based on current information, there was no private key leakage; this was purely a smart contract vulnerability.
An auditor at kebabsec and Citrea developer, @okkothejawa, also posted: "(The check error mentioned by @moo9000) may not be the root cause, as in all 'manageUserBalance' calls, ops.sender == msg.sender. The security vulnerability may have occurred in the transaction before the contract for asset extraction was created, as it led to some state changes in the Balancer vault."
Balancer's official team also responded: "The official team is aware of a potential vulnerability affecting Balancer v2 pools. Our engineering and security teams are prioritizing the investigation. Once more information is available, we will immediately share verified updates and next steps."
Berachain, which also faces potential asset risk, responded promptly. After a post from the Berachain Foundation, Berachain founder Smokey The Bera stated, "The Bera node group has proactively suspended the public chain to prevent the Balancer vulnerability from affecting BEX (mainly the USDe three-pool).
· Instructed the Ethena team to disable Bera bridging
· Lending markets to disable/pause USDe deposits
· Suspended HONEY token minting and redemption
· Communicated with CEXs and others to ensure hacker addresses are blacklisted
Our goal is to recover funds as soon as possible and ensure the safety of all LPs. The Berachain team will release binaries to relevant node validators and service providers as soon as they are ready (since the pool contains non-native assets, some slot restructuring is involved, not just modifying Bera token balances)."
With Balancer Hacked, the Most Anxious Are Crypto Whales
As a veteran DeFi protocol, Balancer's users are undoubtedly the most directly affected by this theft. For current users, actions that can be taken include:
· Withdraw funds from Balancer v2 pools to avoid further losses;
· Revoke authorizations: use Revoke, DeBank, or Etherscan to cancel smart contract permissions for Balancer addresses to avoid potential security risks;
· Stay alert: closely monitor the next moves of the Balancer attacker and whether there will be a domino effect on other DeFi protocols.
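To make the "revoke authorizations" step concrete, here is an added example (not from the original article or from Balancer) that scans ERC-20 Approval logs for allowances an owner still has open to a watched spender and builds the approve(spender, 0) calldata that revokes each one. All addresses are constructed placeholders, the logs are constructed samples in the eth_getLogs JSON shape, and the function names are hypothetical.

```python
# Added example: find allowances still open to a spender and build revoke calldata.
# topic0 of the ERC-20 event Approval(address,address,uint256)
APPROVAL_TOPIC0 = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # 4-byte selector of approve(address,uint256)

# Placeholder addresses (constructed, NOT real contract or wallet addresses).
WATCHED_SPENDER = "0x" + "ba" * 20
OTHER_SPENDER = "0x" + "cc" * 20
OWNER = "0x" + "11" * 20
TOKEN_A = "0x" + "aa" * 20
TOKEN_B = "0x" + "bb" * 20

def topic_addr(addr):
    """Left-pad a 20-byte address to a 32-byte indexed log topic."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def approval(token, spender, amount):
    """Build one constructed Approval log from OWNER to spender."""
    topics = [APPROVAL_TOPIC0, topic_addr(OWNER), topic_addr(spender)]
    return {"address": token, "topics": topics, "data": "0x" + format(amount, "064x")}

# Constructed sample logs, oldest first.
SAMPLE_LOGS = [
    approval(TOKEN_A, WATCHED_SPENDER, 2**256 - 1),   # unlimited, never revoked
    approval(TOKEN_B, WATCHED_SPENDER, 5000),
    approval(TOKEN_B, WATCHED_SPENDER, 0),            # later revoked
    approval(TOKEN_A, OTHER_SPENDER, 42),             # different spender
    {"address": TOKEN_A, "topics": ["0x" + "00" * 32], "data": "0x"},  # unrelated event
]

def open_allowances(logs, owner, spender):
    """Map token -> last approved amount for nonzero approvals owner -> spender."""
    latest = {}
    for log in logs:
        t = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; require exactly 3.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC0:
            continue
        if t[1] != topic_addr(owner) or t[2] != topic_addr(spender):
            continue
        latest[log["address"].lower()] = int(log["data"], 16)
    return {tok: amt for tok, amt in latest.items() if amt > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0); the transaction is sent to the token."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def revoke_plan(logs, owner, spender):
    """One {to, data} entry per token whose allowance is still open."""
    data = revoke_calldata(spender)
    return [{"to": tok, "data": data} for tok in sorted(open_allowances(logs, owner, spender))]
```

The last Approval event is only a hint: many tokens reduce the allowance on transferFrom without emitting an event, so confirm each result with the token's allowance(owner, spender) call before and after revoking.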
In addition, this theft incident has drawn market attention to a crypto whale that had been dormant for three years.
According to monitoring by LookonChain, a crypto whale, 0x0090, who had been inactive for three years, woke up just after the Balancer platform vulnerability occurred and urgently withdrew $6.5 million in related assets from Balancer.
Follow-up Progress: Hacker Begins Token Swapping Mode
According to on-chain analyst Ember, the hacker behind the Balancer theft has begun attempting to swap various liquid staking tokens (LST) for ETH. Previously, they swapped 10 osETH for 10.55 ETH.
On-chain information shows the hacker is continuously using Cow Protocol to swap stolen assets from multiple chains into ETH, USDC, and other assets. At present, the hope of recovering these stolen assets appears slim.

Going forward, whether Balancer can promptly identify the protocol contract vulnerability and quickly recover the stolen assets or provide corresponding solutions, Odaily will continue to follow up.

