Original article by Odaily Planet Daily ( @OdailyChina )

Author｜Wenser ( @wenser2010 )

On November 3rd, it was reported that Balancer, a veteran DeFi protocol, had suffered a theft of over $70 million in assets. This news was subsequently confirmed by multiple sources, and the amount of stolen funds continued to rise. As of this writing, the amount of stolen assets from Balancer has increased to over $116 million. Odaily will provide a brief analysis of this matter in this article.

Details of the Balancer theft: Losses exceeded $116 million, primarily due to a vulnerability in the v2 pool smart contract.

According to on-chain information, the Balancer attackers have stolen over $116 million, primarily in the form of WETH, wstETH, osETH, frxETH, rsETH, and rETH, distributed across multiple chains including ETH, Base, and Sonic.

• The amount of assets stolen from the Ethereum blockchain is approximately $100 million.
• Nearly $8 million in assets were stolen from the Arbitrum blockchain.
• Stolen assets on the Base blockchain: nearly $3.95 million;
• Stolen assets on the Sonic blockchain: Over $3.4 million;
• Stolen assets on the Optimism blockchain: nearly $1.57 million;
• The stolen assets on the Polygon blockchain amount to approximately $230,000.

Crypto KOL Adi reported that preliminary investigations indicate the attack primarily targeted Balancer's V2 vaults and liquidity pools, exploiting vulnerabilities in smart contract interactions. On-chain investigators pointed out that a maliciously deployed contract manipulated Vault calls during liquidity pool initialization. Incorrect authorization and callback handling allowed the attacker to bypass safeguards, enabling unauthorized swaps or balance manipulation between interconnected liquidity pools, resulting in the rapid theft of assets within minutes.

Based on the available information, there is no private key leak; this is purely a smart contract vulnerability.

Balancer has also responded, stating : "The official team is aware of the potential vulnerability affecting Balancer v2 pools. Our engineering and security teams are investigating this as a high priority. We will share verified updates and follow-up steps as soon as we have more information."

Smokey The Bera, founder of Berachain, stated, "The Bera node group has proactively suspended the operation of the public chain to prevent the Balancer vulnerability from affecting BEX (mainly the USDe three pools)."

• Have the Ethena team disable Bera bridging.
• Disabling/Suspending USDe Deposits in the Lending Market
• HONEY token minting and exchange suspended
• We communicated with CEX and other organizations to ensure that the hacker's address was blacklisted.

Our goal is to recover funds as quickly as possible and ensure the safety of all LPs. The Berachain team will release the binary to relevant node validators and service providers as soon as it is ready (this involves some slot refactoring, etc., and not just modifying the Bera token balance, as the pool contains non-native assets).

For detailed on-chain information regarding the Balancer attacker, please see: https://intel.arkm.com/explorer/entity/cd756cb8-6a84-4f40-9361-f6c548544430

The Balancer hack has alarmed crypto whales the most.

As a long-established DeFi protocol, Balancer users are undoubtedly the most directly affected by this theft. For users now, the following actions can be taken:

1. Withdraw funds from the Balancer v2 pool to prevent further losses;
2. Revoke authorization: Use Revoke, DeBank, or Etherscan to revoke smart contract permissions for a Balancer address to avoid potential security risks;
3. Stay alert: Closely monitor the Balancer attackers' next move and whether it will have a cascading impact on other DeFi protocols.

In addition, a crypto whale that had been dormant for three years was among the victims that attracted market attention during this theft.

According to LookonChain monitoring , a crypto whale, 0x0090, which had been dormant for three years, has just awakened after the Balancer platform vulnerability occurred, and is eager to withdraw its $6.5 million in assets from Balancer. On-chain information can be found at: https://intel.arkm.com/explorer/address/0x009023dA14A3C9f448B75f33cEb9291c21373bD8

Follow-up developments: Hacker mode activated

According to on-chain analyst Ember , the hackers involved in the Balancer theft have begun attempting to exchange numerous Liquidity Staking Tokens (LST) for ETH. Previously, they exchanged 10 osETH for 10.55 ETH.

On-chain information shows that hackers are using Cow Protocol to continuously exchange stolen assets across multiple blockchains for assets such as ETH and USDC. Currently, the chances of recovering these stolen assets appear slim.

Odaily will continue to follow up on whether Balancer can find the vulnerability in the protocol contract in time and recover the stolen assets or provide a corresponding solution.